Spammers hack Lycos' anti-spam Web site

Spammers are suspected of hacking into and downing Lycos’s anti-spam Web site just hours after it went live. The Web site is currently inaccessible and could also be the victim of a DDoS attack.

Lycos on Tuesday kicked off its "make love not spam" campaign by offering users a screensaver that helps to launch distributed denial-of-service (DDoS) attacks on spammers' Web sites. The company said the screensaver uses the idle processing power of a computer to slow down the response times from spammers' Web sites – much in the same way spammers use compromised PCs to distribute unsolicited e-mail messages.

However, within hours of the makelovenotspam.com site being launched, the original front page was replaced with a simple message:

"Yes, attacking spammers is wrong. You know this, you shouldn’t be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."

Finnish anti-virus firm F-Secure, which advised users not to participate in Lycos’s campaign because of "possible legal problems", suspects the site has been hacked by a pro-spam group because "they definitely would have a motive to attack the site".

F-Secure reported that the Web site had returned to normal by around 6am (Sydney time) but at the time of writing makelovenotspam.com is unavailable and could be under a retaliatory DDoS attack.

Earlier this year, Symbiot, a Texas-based security firm, launched a corporate defence system that was designed to fight back against DDoS and hacker attacks by launching a counter-strike.

At the time, Symbiot's president Mike Erwin said that "totally passive" defences were "not an adequate deterrent" and argued that for complete defence an "offensive tactic must be employed".

Security experts were alarmed at the company’s attitude and warned that such tactics could be counterproductive.

Jay Heiser, chief analyst at IT risk management company TruSecure, said Symbiot’s proposal was a very bad criterion for choosing risk-reduction measures.

"There is no evidence that this is the most effective way to deal with the problems and there is quite a bit of historical precedence that indicates it is totally counterproductive," said Heiser.

Lycos was unavailable for comment.

ZDNet UK’s Dan Ilett contributed to this report.

Talkback 6 comments

  1. Anonymous -- 01/12/04

    N'uff talk. Didn't work. Let the war begin. About time the people had a weapon. Thank you Lycos!

  2. Anonymous -- 01/12/04

    Man... did the author actually do any research on Lycos's service? The service is not a DDOS attack! Do these idiots even know what a DDOS attack is?

  3. Anonymous -- 03/12/04

    Next Step ... Generalize MLNS !
    Lycos should be applauded for giving
    the rest of us an EFFECTIVE way of
    fighting back. Let's face it, spammers
    have found enough spam friendly countries
    so that ordinary attempts to deal with
    them fall on deaf ISP ears.

    If the article's analysis of MLNS's
    current problems is correct (either
    it's become too popular or it is the
    subject of a DDOS attack), then the
    obvious next step is to generalize
    MLNS's functionality.

    Instead of going to a Lycos server
    for known SPAM sites, we need a version
    that keeps SPAM sites locally. A list and which
    can be created &/or updated by the end user
    themselves. Personally, I don't think I'll
    have any problem identifying which of the
    hundreds of SPAM emails I get daily are actually
    SPAM ! Give me a way to tag or send them from
    my mailer to MLNS & I'll gladly turn
    my PCs loose on the SPAM bastards !

    This approach also solves the legal problems ...
    WRT DDOS being illegal, since each person
    would be responsible for determining which
    sites to hit from their machine and since
    a single machine cannot generate enough
    traffic to even come close to being
    labelled a DOS attack, there is no
    culpability on the part of any individual
    using a stand alone MLNS applet.
    Enough installed users could end up bringing
    any number of sites down, but DDOS is defined
    as a coordinated effort to disrupt a site.
    In this case it would be the independent
    action of thousands or millions of individuals !

    On the other hand, what if SPAMMERs got a
    hold of this tool and started using it to attack
    legitimate sites with their bot networks.
    I suppose some kind of filtering could
    be included; but then what would the SPAMMERs
    attack ? Lycos ? In addition, such an attack
    would not be profitable and would chew up bot
    bandwidth which is not being used for SPAM
    which apparently does make money (for the moment)
    Not to mention that SPAMMERs already have tools
    much like this which they already use to try
    and extort money from legitimate sites by
    threatening DDOS attacks and carrying them out
    on the sites that don't pay. So, I'm guessing
    that MLNS is probably a lot less effective than
    their current resources.

    Probably many more implications for this.

    Thoughts ?

  4. Anonymous -- 29/01/05

    Legal to attack a spamming website with similar strategies? Maybe not. Do these spammers deserve it? DEFINITELY! It's certainly very satisfying to see the culprits get a good dose of their own medicine! :-) Cheers to Lycos - I'll drink to that!

    If Lycos gets their concept removed by law, then it will stand as a martyr to all those m****es who are the victims of spam.

    Now, if only someone clever can come up with a way to discourage those who help to fund these spammers - the idiots who actually buy from them! May all that Viagra make their ****es shrivel up. Let's hope they lose all their money on those spamming online casinos so that they won't be able to buy any more fake Rolexes and OEM software.

  5. Anonymous -- 29/01/05

    Hey! ZDNet just censored me!!!

    In my previous post, asterisks have replaced portions of words which may be potentially offensive. One word is the male organ, ok, fair enough if we can't mention genitalia here.

    But the other word is legitimate! It means "the large collective group of the common people generally". I'll spell it again clearly here: m a s s e s. For some reason, ZDNet finds that potentially offensive??? Maybe I should have used the term "the general public" instead?

    Hmm... let's try a few more words to see if ZDNet might censor them...

    There's a U.K town called "S****horpe" which has been censored out unintentionally by search engines.

    If m****es gets censored, what about gr**** or gr****es? Or mol****es?

    What about for bird watchers, there are boobies and tits?

    What if your name was Cummings? What about the word "sex"? If sex wasn't allowed, then what about in words like "sextant" and "sextuple" or "Sussex"?

    I'm sure the "F" word would be censored so I won't even try, but what about "shag" as in shag-pile carpet?

    Now to Submit Comment and see what gets through....

  6. Anonymous -- 24/07/05

    mkm2006
