Lycos Anti-Spam Site Compromised [Updated]
An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack, appears to have been hacked. Attempting to download the screen saver from Lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.
No surprise (Score:5, Interesting)
The Lycos screensaver has gotten a lot of press, and could certainly put a crimp in the spammers' pocketbooks, and spammers aren't honest, so why wouldn't they hack Lycos?
Simple Way To Counter Lycos Threat (Score:2, Interesting)
Re:No surprise (Score:3, Interesting)
Re:"...is bad, you know this" (Score:2, Interesting)
good to see some ethics (Score:1, Interesting)
Re:"Fighting" spammers (Score:3, Interesting)
Yes, I know some postmasters hate it, Korea just doesn't care and China directly ignores them...
At least you do something legit and may have an effect. I saw lots of replies saying "ISP already took action" on lots of reports I sent.
Well, getting 400 mails (four hundred) on my Yahoo Plus/week, I took a decision. I only report spams in my native language to Spamcop. Being in the scene for too long, I know 98% of TR ISPs actually take action against them since I know their admins.
IMHO the thing that must be done is, take care of all abuse reports, ESPECIALLY non-geek users' abuse reports (via Spamcop) and take action. Action may be blocking access of that account to the net.
Spamcop's power comes from something else. It auto investigates the REFERENCED URL and its host. While those assholes use worms, zombies to send mail, unfortunately LOTS of people click on spam links so they must use a first class hosting provider generally.
A first class hosting provider, especially on scam mail, takes care of the report since they don't want to get in trouble with Citibank, FBI etc.
While you generally see ISP postmasters don't care about a spamming customer, the hosting provider takes care of the spammer assholes' "business"(!).
Taste of revenge
it's neither (Score:4, Interesting)
I don't believe it's either. The screen saver does not do a DNS, in fact it's written not to. The spammers obviously want a lot of traffic to their sites (they cram my mailboxes to try to get that traffic. Even started hitting my gmail mailbox tonight, and I've never given out that gmail address!). So I just see the application as a handy way to give them the traffic they want, maybe they can stop sending me so much mail to try to get it now. And it's hardly unethical. It's being done to try to stop or slow the scourge of the Internet. No ethical issues about it, these people not only cram inboxes to the extreme (some accounts where I get hundreds of pieces of spam a day are completely useless to me anymore), they have expanded their efforts to trojans and viruses to take over other systems. Any effort to slow or stop such people cannot be unethical.
Re:No surprise (Score:4, Interesting)
With a multi billion dollar reported earnings last year and well over 50% of the internet traffic, your arguments are far too little, far too late. There is a lot of information that can be gathered on the origins of spam.
But what do you do with that information? I can go through my mail logs daily and get a list of owned DSL/Cablemodem users. But when I've attempted to contact the ISPs about these owned machines and having them approach their customers, they do nothing. The closest I came was the response from my own ISP, "You aren't supposed to run a mail server on your machine." If I depended upon their mail server I would be inundated with spam.
Considering the damage and costs involved, I would have expected the ISPs to take more action than they have, but then it's a matter of economics. They are not responsible for the security of the network, which is a good thing. If they were, their reaction would be too Draconian.
My opinion is that the ISP should be responsible for identification and elimination of owned machines on their subnets, or at least to help others achieve that goal. This can all be done today without taking some heavy handed approach to the matter, I just hope that fact doesn't get lost in the process.
DOS (Score:5, Interesting)
All Lycos is doing is send hits out to slow down a server. How is that different to posting a link in a news article in Slashdot? We all know that will get slashdotted, yet links are still posted. In both Lycos' and Slashdot's cases, something deliberate is done which causes a degradation in server performance. I don't see how it's any more of a DOS style attack than slashdotting a site.
... but does it affect the way we look at spam? (Score:2, Interesting)
Yes, it changes the way a lot of people look at spam. On makelovenotspam.com you (should) see a map where you can "click to annoy a spammer". This visualisation of where the spammers are, makes it more clear that it does not come from 'somewhere', but from somebody real. And you can really do something about it with a little help from Lycos!
People who did not have a picture of spam comes from known places, are really changed. This is not about IT-experts, but about ordinary people who hate spam too (and are possible customers of Lycos, of course...). Wait and see for the adverts from Lycos "Lycos, active spam-killer", and you'll be surprised what will happen in a Spanish* court-room, when a spammer sues Lycos...
*) Lycos is a company from Spain
Follow the money trail. (Score:2, Interesting)
However, I would suggest that the approach to take is to target the retailers that are using the services of spammers. Spammers themselves are just the middle men and they get paid, I assume, by the folks who actually sell the products in the first place. This also helps with the problems associated with targeting a spam server in Uzbekistan or somewhere.
It would require some interesting reinterpretations of existing legislation or maybe some new laws. IANAL, so I have no idea of the implications of doing this.
Cost more than a nickel my friend (Score:5, Interesting)
Personal responsibility (Score:3, Interesting)
Our government has no clue when it comes to technology. It's not the government's job ALONE to protect us. Sometimes we have to do it ourselves.
I'd like to see a version of this that DoS's banner ad services that do drive by malware installs...
Alternate Download Site for ScreenSaver (Score:2, Interesting)
ironic (Score:1, Interesting)
The idea could easily be adopted in such a manner to be legitimate though. The program could "monitor" a web site for changes and cache the pages. Then it's not bandwidth wasted. The program could have options for legitimate sites and a configuration file that could be plugged in, one with settings for popular sites with a conservative method of polling and another *cough* with "other" sites and an auto-delete of the cache feature. Seems like it could be legally doable.
The bottom line is that spammers are stealing everyone else's bandwidth. Law enforcement doesn't give a damn. Something must be done. Passing more laws hasn't fixed the situation. It doesn't seem unreasonable to strike back at spammers using the same approach they use -- which can be skirted around jurisdictions just like they do. The only problem is the potential for abuse, but you have that already because of spammers forging headers.
I have to post this anonymously because spammers are a vindictive bunch of asses who would counter-DDOS those who oppose them. For this very reason, it seems imperative that among the tech community, we need to come up with our own solution that hits spammers where they live and consumes their resources.
Lycos' product is a step in the right direction. And it can be done efficiently and effectively if you decentralize the spam source -- let users put in their own web addresses to suck bandwidth from.
I hate to be vigilante about it, but when the law enforcement people are clueless or ineffective, something must be done. Suck their bandwidth dry!!!