Lycos Anti-Spam Site Compromised [Updated]

An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. Attempting to download the screen saver from lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.

No surprise

[JuggleGeek]

I'm not surprised. Spammers, phishers, and other scammers have obviously been hiring geeks to write software for them for some time. Without that, they wouldn't have armies of owned machines ready to send out their spam for them, etc.

The Lycos screensaver has gotten a lot of press, and could certainly put a crimp in the spammers pocketbooks, and spammers aren't honest, so why wouldn't they hack Lycos?

Simple Way To Counter Lycos Threat

[amigoro]

I am guessing that some of the spammers just changed their DNS records to make their domain names to point to the lycos site. Actually, now these spam targetted domains can be used as weapons, just by changing their DNS records. Well-done Lycos!

Moderate this comment
Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]

Re:No surprise

[Omniscientist]

Exactly, your average spammer I'm sure does not have the coding skills you need for what damage spam wrecks (though I'm sure a few do). That was the first thing I thought, that they hired someone to compromise Lycos. However, do you think this could bring further legal trouble possibly to the blacklisted spam sites? Might be a reasonable cause to do some investigation....

Re:"...is bad, you know this"

[Romancer]

On a side note, can we petition Slashdot to have a rotating link to spammers websites or the links in the spam they send. You know, to show we're looking at what they want to show us... a lot... a whole lot, enough to crash their bane of the internet.

good to see some ethics

[Anonymous Coward]

I glade to see some hackers excersing their abilities in an ethical manner. Two arguments follow the DoSing of spammers. First just because some one does something wrong does not justify you doing the same. Second once you have Lycos DoSing people they suspect as being spammers, where do you draw the line. Whats stopping them from DoSing their competitors or mom/pop. Also if the FBI is going to waltz around stating "bad 13 year old hacker, no DoSing for you" than why the hell does a massive corporation have any more of a right to deny access to ones internet connection.

Re:"Fighting" spammers

[Ilgaz]

http://www.spamcop.net/ [spamcop.net]

Yes, I know some postmasters hate it, Korea just doesn't care and China directly ignores them...

At least you do something legit and may have an effect. I saw lots of reports saying "ISP already took action" on lots of reports I send.

Well, getting 400 mails (four hundred) on my Yahoo Plus/week, I took a decision. I only report spams in my native language to Spamcop. Being in scene for too long, I know 98% of TR ISP's actually take action against them since I know their admins.

IMHO the thing must be done is, take care of all abuse reports, ESPECIALLY non geek users abuse reports (via spamcop) and take action. Action maybe blocking access of that account to net.

Spamcop's power comes from something else. It auto investigates the REFERENCED URL and its host. While those assholes use worms, zombies to send mail, unfortunately LOTS of people click on spam links so they must use a first class hosting provider generally.

First class hosting provider, especially on scam mail takes care of report since they don't want to get trouble with Citibank, FBI etc.

While you generally see ISP postmasters doesn't care about spamming customer, hosting provider takes care of spammer assholes "business"(!).

Taste of revenge ;)

it's neither

[frovingslosh]

No matter how illegal or unethical that cause may be!

I don'y believe it's either. The screen saver does not do a DNS, in fact it's written not to. The spammers obviously want a lot of traffic to their sites (they cram my mailboxes to try to get that traffic. Even started hitting my gmail mailbox tonight, and I've never given out that gmail address!). So I just see the application as a handy way to give them the traffic they want, maybe they can stop sending me so much mail to try to get it now. And it's hardly unethical. It's being done to try to stop or slow the scourage of the Internet. No ethical issues about it, these people not only cram inboxes to the extreme (some accounts where I get hundreds of pieces of spam a day are completely useless to me anymore), they have expanded their efforts to trojans and viruses to take over other systems. Any effort to slow or stop such people cannot be unethical.

Re:No surprise

[tacocat]

With a multi billion dollar reported earnings last year and well over 50% of the internet traffic, your arguements are far too little, far too late. There is a lot of information that can be gathered on the origins of spam.

But what do you do with that information? I can go through my mail logs daily and get a list of owned DSL/Cablemodem users. But when I've attempted to contact the ISP's about these owned machines and having them approach their customers, they do nothing. The closest I came was the response from my own ISP, "You aren't supposed to run a mail server on your machine." If I depended upon their mail server I would be inundated with spam.

Considering the damage and costs involved, I would have expected the ISP's to take more action then they have, but then it's a matter of economics. They are not responsible for the security of the network, which is a good thing. If they were, their reaction would be too Draconian.

My opinion is that the ISP should be responsible for identification and elimination of owned machines on their subnets, or at least to help others achieve that goal. This can all be done today without taking some heavy handed approach to the matter, I just hope that fact doesn't get lost in the process.

DOS

[Gilesx]

"DOS style attack"? Hardly - it actively monitors the servers to prevent them going off line. A DOS attack goes all out to take a server down.

All Lycos is doing is send hits out to slow down a server. How is that different to posting a link in a news article in Slashdot? We all know that will get slashdotted, yet links are still posted. In both Lycos' and Slashdot's cases, something deliberate is done which causes a degredation in server perfomance. I don't see how it's any more of a DOS style attack than slashdotting a site.

... but does it affect te way we look at spam?

[Vincent77]

No, offcourse it won't help. Lycos knows that too.

Yes, it changes the way a lot of people look at spam. On makelovenotspam.com you (should) see a map where you can "click to annoy a spammer". This visualisation of where the spammers are, makes it more clear that it does nog come frome 'somewhere', but from somebody real. And you can really do something about it with a little help from Lycos!

People who did not have a picture of spam comes from known places, are really changed. This is not about IT-experts, but about ordinary people who hate spam too (and are possible customers of Lycos, ofcourse...). Wait and see for the adverts from Lycos "Lycos, active spam-killer", and you'll be surprised what will happen in a Spanish* court-room, when a spammer sues Lycos...

*) Lycos is a company from Spain

Follow the money trail.

[sparlitup]

Hmmm.. Lycos should have expected this, as others here have pointed out. Others have also said that the way to go is the legal route, which I agree is the only long-term solution.

However, I would suggest that the approach to take is to target the retailers that are using the services of spammers. Spammers themselves are just the middle men and they get paid, I assume, by the folks who actualy sell the products in the first place. This also helps with the problems associated with targeting a spam server in Uzbekistan or somwhere.

It would require some interesting re interpretations of existing legislation or mabey some new laws. IANAL, so I nave no idea of the implications of doing this.

Cost more than a nickle my friend

[Blitzenn]

Those ads cost more than a nickle to click on my friend. Depending on the populatiry of the search, one click can cost as much as $20.00, (that I have seen myself). My company uses this advertising method and it has been successful so far. Our per click advertising average is about $13.00. That's definatelyy per click too. I am sure other people who use this form of google ad can confirm this.

Personal responsibility

[WCMI92]

I have no problem fighting them in this way, so long as the software is careful and uses the more conservative and less political blackhole lists (such as SpamHaus).

Our government has no clue when it comes to technology. It's not the government's job ALONE to protect us. Sometimes we have to do it ourselves.

I'd like to see a version of this that DoS's banner ad services that do drive by malware installs...

Alternate Download Site for ScreenSaver

[PcolaLinuxDragon]

Was surfing around and managed to find an alternate site where you can grab the infamous anti-spam screensaver : http://www.mungdungus.com/MLNS.zip Enjoy :)

ironic

[Anonymous Coward]

It's the ultimate irony to realize that a company creating a product which potentially violates the law, as an effort to stop other companies (spammers) who violate the law, might be the first one to have legal action taken against them.

The idea could easily be adopted in such a manner to be legitimate though. The program could "monitor" a web site for changes and cache the pages. Then it's not bandwidth wasted. The program could have options for legitimate sites and a configuration file that could be plugged in, one with settings for popular sites with a conservative method of polling and another *cough* with "other" sites and an auto-delete of the cache feature. Seems like it could be legally doable.

The bottom line is that spammers are stealing everyone else's bandwidth. Law enforcement doesn't give a damn. Something must be done. Passing more laws hasn't fixed the situation. It doesn't seem unreasonable to strike back at spammers using the same approach they use -- which can be skirted around jursidictions just like they do. The only problem is the potential for abuse, but you have that already because of spammers forging headers.

I have to post this anonymously because spammers are a vindictive bunch of asses who would counter-DDOS those who oppose them. For this very reason, it seems imperative that among the tech community, we need to come up with our own solution that hits spammers where they live and consumes their resources.

Lycos product is a step in the right direction. And it can be done efficiently and effectively if you decentralize the spam source -- let users put in their own web addresses to suck bandwidth from.

I hate to be vigilante about it, but when the law enforcement people are clueless or ineffective, something must be done. Suck their bandwidth dry!!!