Lycos Anti-Spam Site Compromised [Updated]
An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack, appears to have been hacked. Attempting to download the screen saver from Lycos results in this message: 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.
This is getting really messy.. (Score:2, Insightful)
Ridiculous (Score:3, Funny)
No surprise (Score:5, Interesting)
The Lycos screensaver has gotten a lot of press, and could certainly put a crimp in the spammers' pocketbooks, and spammers aren't honest, so why wouldn't they hack Lycos?
Re:No surprise (Score:3, Interesting)
Re:No surprise (Score:5, Insightful)
Blasphemy! (Score:3, Funny)
Re:No surprise (Score:2)
Re:No surprise (Score:4, Interesting)
With a multi billion dollar reported earnings last year and well over 50% of the internet traffic, your arguments are far too little, far too late. There is a lot of information that can be gathered on the origins of spam.
But what do you do with that information? I can go through my mail logs daily and get a list of owned DSL/Cablemodem users. But when I've attempted to contact the ISPs about these owned machines and having them approach their customers, they do nothing. The closest I came was the response from my own ISP, "You aren't supposed to run a mail server on your machine." If I depended upon their mail server I would be inundated with spam.
Considering the damage and costs involved, I would have expected the ISPs to take more action than they have, but then it's a matter of economics. They are not responsible for the security of the network, which is a good thing. If they were, their reaction would be too Draconian.
My opinion is that the ISP should be responsible for identification and elimination of owned machines on their subnets, or at least to help others achieve that goal. This can all be done today without taking some heavy-handed approach to the matter, I just hope that fact doesn't get lost in the process.
Some ISPs DO detect and block owned PCs (Score:3, Informative)
He downloaded and ran it. That problem was solved. Shame he didn't realise that there were other viruses in there too (or wasn't told that there might well be). Still, it's more than many ISPs do...
Re:No surprise (Score:3, Insightful)
This is a very ineffective way of solving the problem. You remove the symptoms but not the root cause of the problem. You still have more than a million computers constantly trying to infect/crack other computers. And it's taking up a majority of the bandwidth on many networks.
The point is to go after the ISPs and make them responsible, but only in part. The ultimate responsibility relies on the end user who owns the infected computer. It should be the ISP's responsibility to notify/contain those computers that are causing the damage.
When Code Red was first on the scene, there were reports of several ISPs who suspended certain accounts pending proof that the customers' computers had been cleaned and updated to prevent reinfection.
If this practice by the ISP had become more mainstream then many of the problems today would at least be reduced.
Re:No surprise (Score:3, Funny)
I am looking for a dedicated server provider that will host my business domains and provide POP3 emails for each domain.
I might be open to a relationship where you do not provide the actual server, but you know of a reliable server provider and want to be my technical support person for the server and you will help me reach my hosting and email marketing goals. To be my technical support person you must already have a relationship with a reputable server provider who can help me achieve the goals I have set.
My goal is to send out a minimum of 10 million emails a day using the server I rent from you, so I also need the server and software that will allow me to set up email campaigns to promote and sell educational and consulting business services to more than 10 million email addresses per day without the limitation of bandwidth or the ISP hassle of being shut down.
My last server provider's server crashed every other day and I was unable to get my email marketing campaign off the ground, so reputation, reliability, and stability are important to me.
I will need technical assistance to help set up all the web sites and help with POP3 email setup for each web site, as well as assistance with the email marketing software. I have purchased the @engine email software from BulkISP but have yet to test it at its capacity on a server that works. The limitation of this software is that you are only allowed to use one message per campaign, but I am interested in sending out alternating messages per campaign if possible. Please recommend an email marketing software if you know one.
I need you to provide me a server and need the server provider with the ability to do the following:
1. Provide customer references that I can speak with
2. Setup within 48 hours
3. 24/7 customer support and live technical support
4. Windows 2000 server that supports Linux
5. Unlimited bandwidth
6. Unlimited email accounts
7. PHP, ASP, CGI
8. SSL/SSI
9. DNS hosting with the ability to host 10-15 different web sites
10. Sites that won't be shut down
11. Ability to send out unlimited emails of at least 10 million or more emails a day
12. Ability to set up email addresses for each site, including catch-all emails
13. FTP ability to each web site directly
14. Email software that will give me the ability to do the following:
a. Can send out unlimited emails of at least 10 million emails per day
b. Generate alternate messages for each campaign
c. Alternate Subject matter
d. Send to 1 recipient at a time
e. Alternate "From" message
f. Get around port 25
g. Wash emails
h. Give email mailing reports
15. Remote access to server from anywhere using Terminal Services, VNC, or PcAnywhere
16. Email washer service to comply with do not send recipients (like 65.241.16.254)
17. Easy to understand instructions to operate email software and server
18. Customer references that I can speak with
Thank you.
=====
I was thinking about responding with a bid, $1.00 per e-mail sent and I'll get him set up.
[John]
Re:Other Theories (Score:3, Insightful)
Simple Way To Counter Lycos Threat (Score:2, Interesting)
Moderate this comment
Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]
Re:Simple Way To Counter Lycos Threat (Score:5, Funny)
Re:Simple Way To Counter Lycos Threat (Score:2)
But ... they were "ready" (Score:4, Funny)
Comment removed (Score:5, Funny)
Re:obligatory (Score:3, Funny)
Re:obligatory (Score:2)
Re:obligatory (Score:3, Insightful)
Re:obligatory (Score:3, Insightful)
"Fighting" spammers (Score:4, Insightful)
The "technological" solution to spam has shown itself to be totally ineffective. The solution which has worked to not only put a small dent in the daily dose of spam but also enrich the general public has been to take the spammers to court and eventually to jail when necessary.
Spam is like selling kids crack cocaine. No one wants that kind of shit in the neighborhood, but the only people willing to "take back the streets" are ninnies and other gang members.
Re:"Fighting" spammers (Score:3, Insightful)
Uh.
Define "worked."
My inbox is seeing *more* spam, not less, compared with three years ago.
If we're going to be jailing people, we need to be jailing more than one token high-profile spammer every year. Just like a legitimate business, don't you think these douchebags have vice-presidents who run their ops when they're in the clink? Of course they do...
Jailing them -- at least on this scale -- isn't going to help. We need asset seizure, BIG TIME.
The first grandma who gets her computer seized because it's a zombie box sending spam is going to be massively bad PR for the spammers (dirty little thieves, they are, targeting grandmas like that) and Microsoft (worthless insecure OS...).
Seriously, give it a try. But for the love of all things holy, DON'T JUST PUT THREE TOP DOGS IN JAIL IN THE COURSE OF TWO YEARS. THAT ISN'T WORKING!
p
Re:"Fighting" spammers (Score:5, Insightful)
Heck, even people in the infosec community have enough trouble keeping up with spammers from a defensive corporate security aspect, much less waiting for the government to do enough research to put together a law that may or may not be valid by the time it is voted on and put into action.
Unfortunately I think the spammers know this, and the best we can hope for is maybe stiffer fines. Then again with the money most of the big guys make off "email marketing", chances are they can afford a good enough lawyer to get them off the hook or a fine that will barely dent their pocket.
Let's not forget the fact that laws are only valid for US spammers. You get a spammer using zombies or even servers in a country that could care less about American policy and laws, and all we have to fall back on is "technology" to aid us.
Re:"Fighting" spammers (Score:4, Informative)
Vigilante style justice does not always work out. For one, you open yourself up to illegal attacks from them, too.
If I legally took a spammer to court and if he DDoSed me, it would only strengthen my case. I have the legal recourse to support my stand.
However, if you did something like what Lycos did, what're you going to tell the judges? They hacked me for hacking them?
As much as I'd love to see spammers get kicked in the nuts, this is not the path to take. It makes us no different from them.
Re:"Fighting" spammers (Score:2)
As an aside: I scanned the UK's Computer Misuse Act yesterday, and was unable to find the clause that made DoS attacks illegal. Could someone point me to the part of this (or another) act that does?
Re:"Fighting" spammers (Score:5, Insightful)
And don't tell me it's not Americans that are responsible ... how comes all the adverts are for American companies?
Follow the money. If American banks had their licence removed if they passed money to spammers, there would be no spam.
Re:"Fighting" spammers (Score:2)
I have a link [hrw.com] that explains why litigation will NEVER work.
So what do YOU recommend? (Score:2)
1. Any decision must take longer than 6 months to reach. With few exceptions (Patriot Act, declarations of war, etc etc.) any piece of law in the government (at least the U.S. government) takes months to pass through the Senate and be signed into law by the President. Therefore you CANNOT arrest someone, hold them until a bill passes and THEN jail them since everyone else under him would've scattered. Essentially making you look like a fool to people like the /. crowd. Governments (unless acting together) are out.
2. It cannot be done through EULAs since EULAs do not extend internationally. A simple proxy setup somewhere in Russia, India or China is enough to bypass that instantly. Corporations are out, due to legal reasons.
3. It MUST invade people's privacy. This is the INTERNET. This isn't CSI where you have fancy fingerprints that you can match up with the FBI's database. There's no trail of breadcrumbs you can follow back to the spammer's computer since it'll often lead internationally or through a zombified computer. There are no motives here other than money, no doubt covered with its own miles and miles of internet BS covering its ass. You have millions of suspects, many of which are assisting in the crime without knowing it. Any law enforcement agency smaller than every intelligence branch in the world combined cannot handle this task, the U.N. and watch-dog groups are out due to sheer amount of research that would be necessary.
What do you do? As for your analogy with spam and cocaine, ever hear of vigilantes? Course not, cause most of them act ILLEGALLY. A few 'accidents' to the local drug dealer does wonders to drug abuse in the area, instead of having to pay an extra hundred dollars in taxes to keep the same drug dealer in an overpopulated jail.
Re:"Fighting" spammers (Score:3, Interesting)
Yes, I know some postmasters hate it, Korea just doesn't care and China directly ignores them...
At least you do something legit and may have an effect. I saw lots of reports saying "ISP already took action" on lots of reports I send.
Well, getting 400 mails (four hundred) on my Yahoo Plus/week, I took a decision. I only report spams in my native language to Spamcop. Being in scene for too long, I know 98% of TR ISPs actually take action against them since I know their admins.
IMHO the thing that must be done is: take care of all abuse reports, ESPECIALLY non-geek users' abuse reports (via Spamcop), and take action. Action may be blocking access of that account to the net.
Spamcop's power comes from something else. It auto investigates the REFERENCED URL and its host. While those assholes use worms, zombies to send mail, unfortunately LOTS of people click on spam links so they must use a first class hosting provider generally.
First class hosting provider, especially on scam mail takes care of report since they don't want to get trouble with Citibank, FBI etc.
While you generally see ISP postmasters don't care about spamming customers, the hosting provider takes care of spammer assholes' "business"(!).
Taste of revenge
Re:"Fighting" spammers (Score:3, Insightful)
The problem with going after hosts is that it's a reactionary measure. Remember:
Re:"Fighting" spammers (Score:5, Insightful)
It's been said on Radio Four that the biggest change ever to happen in the English courts was the one Joseph Swan [wikipedia.org] made. That's far from saying anything is old-fashioned -- what it really means is we got the law about right years ago. Just because someone's using a computer doesn't mean the old rulebook doesn't apply. Freakin' think about what these guys are doing and try to metaphorise it into pre-computer terms. In the Olden Days, the nearest thing to "botnet spamming" would be breaking into my house, stealing my envelopes and stamps, and posting fraudulent and unsolicited messages to people {including some you looked up in my address book}.
Using someone else's computer without consent is quite clearly simple trespass. That's a civil offence. If you discover that your computer has been misused by someone else, you can sue them for trespass to chattels. Simple trespass becomes aggravated trespass -- a criminal offence -- if the intention is to commit another criminal offence {such as fraud, drug dealing, breach of copyright or trading in counterfeit goods}. It's also quite likely that whoever trespassed with your computer either used force {breaking and entering} or deception {burglary artifice} in order to access it. If they turned your computer into part of a botnet then they are quite probably guilty of aiding and abetting other criminal offences. You're probably in the clear because ignorance of the fact is a defence.
The only thorny question now is, what about the fact that someone can be around the other side of the world as they are committing these offences? For the answer, we need to think about what would happen if somebody was standing on a boundary line between two jurisdictions committing an offence. Also, if someone commits an offence in one country which is also an offence in another country, then they can be extradited to stand trial in that other country {unless they would face the death penalty abroad but not at home; in which case the Home Secretary / Minister of the Interior / analogous government person would usually intervene}.
What we certainly don't need are more laws.
Works both ways... (Score:2, Insightful)
Re:Works both ways... (Score:2)
Lad Vampire unaffected (Score:5, Informative)
Well if it was not a joke then.... (Score:2, Insightful)
Raise Your Hands, People... (Score:4, Insightful)
Yeah, didn't think so.
If something like this is ever going to work, it's going to have to be a lot more underground, just like the spammers.
p
This link still works (Score:2, Informative)
http://download2.makelovenotspam.com/screensavers
MD5 sum as of 11/26 (Score:5, Informative)
Re:This link still works (Score:3, Informative)
OSX version of the screensaver downloaded on the afternoon of 26th
November, compared to download just now (second checksum for reference,
download it yourself as a hedge against a compromised server giving back
good data to hosts known to have already downloaded the file).
Lines wrapped to reduce mangling.
-rw-r--r-- 1 aqua staff 1120108 26 Nov 14:19 \
ea8c53d0fb0f30faf
-rw-r--r-- 1 aqua staff 1120108 1 Dec 00:41 \
Desktop/MLNS_screensaver_en.dmg
ea8c53d0fb0f30fa
Stupidest idea ever. (Score:5, Insightful)
This is the stupidest idea ever. I hope several someones end up suing Lycos over this, it's just moronic.
-All- security measures should be predicated upon the sentiment expressed in Hippocrates' _Epidemics_ (-not- the Oath, that's a popular misconception) - '. . . first, do no harm'.
Re:Stupidest idea ever. (Score:2)
To paraphrase another thinker-type, John Selden:
"Ignorance of the machine excuses no user."
Just because they didn't *intend* to get their box compromised doesn't mean they're entirely innocent, either.
p
Re:Stupidest idea ever. (Score:2, Insightful)
They *chose* to buy a computer, *knowing* the risks of viruses, spyware, etc.
They *chose* to put that computer on a broadband connection.
They *chose* not to keep their virus protection software up-to-date.
They *chose* not to place the computer behind a firewall.
They *chose* to leave the computer out there like a sitting duck, just waiting for an infection to come along and pWn the box.
It doesn't make it any less low that there are scum who would take advantage of this situation, but...
If someone without proper education is caught operating a motor vehicle, that person is subject to severe penalty.
People with your attitude are the problem with society. WHY CAN'T PEOPLE JUST TAKE SOME FUCKING RESPONSIBILITY FOR THEIR OWN ACTIONS? If you fuck up out of ignorance, well, tough shit. Learn. And then don't fuck up next time.
p
Re:Stupidest idea ever. (Score:2)
If these users ever hear of viruses, it will be on the advertisement media of the antivirus and firewall products, so people dismiss it as simply being a sales ploy, because Microsoft has told them Windows is secure without third party tools.
Re:Stupidest idea ever. (Score:2)
very people actually....
finally MS is putting some sort of firewall in their O/S and having it ON by default...which helps
BUT lack of education about the risks is the problem....
Your Ignorance (Score:3, Insightful)
Just because you don't understand something does NOT make you 'deserving' of harm.
You need to get it thru your head ( and others like you ) that the common man DOES NOT understand the risks NOR SHOULD THEY. They are USERS not TECHIES...
Until you require people pass a test to have a PC, then you can not expect the user to have any knowledge about it.
Would you expect a TV watcher to understand how their TV works? All the digital and analog components? How the electrons are formed and manipulated on their way to the screen? If they don't, they might see something offensive.. got to hold them responsible for lack of specific technical knowledge beyond their normal life.
Or how about nuclear power generation, because they might get shocked by the power..
Get over yourself... You are what gives us all a bad name.
Man, I shouldn't feed the trolls....
Re:Stupidest idea ever. (Score:5, Funny)
We should be going after them as angry mobs armed with pitchforks and torches.
lol, bring it on (Score:5, Funny)
I hope the guys who attacked Lycos are getting hit hard by their service. Keep it up Lycos! You're obviously hitting a nerve.
Re:lol, bring it on (Score:2)
An alternative perhaps (Score:4, Insightful)
What I don't think is a good idea is a company deciding who deserves to be DDoSed. In that sense, it is little better than MyDoom, which also attacked unpopular companies.
Personally, I think we should try to take down companies that use spam for advertising legally, rather than using a DDoS. But I might not have the popular view, you never know.
Re:An alternative perhaps (Score:2)
You think Congress passing a law is going to make it at all enforceable in countries that feel free to tell Americans where they can shove it?
Legality is a joke when enforcing something like spam on the internet. If you get China to crack down, which you won't, then the 25lb servers just get shipped to India, Pakistan, Russia, East Europe, South America... Hell. Anywhere.
Furthermore, some now do, and more will, use bot networks of rooted Windows machines as proxy slaves to spam email, creating a virtual barrier from the real bad guy.
Re:An alternative perhaps (Score:2)
Re:An alternative perhaps (Score:2)
Seriously, every single spam I've received today has been from a Windows machine, while every legitimate mail has been from some form of Unix, if we were to reject mail coming from Windows hosts we could cut out a vast majority of it.
They're a day late and a dollar short (Score:2)
but there's a problem there (Score:2)
Maybe a source code copy that you could compile yourself might be OK, but I doubt we'll see that. What other system can you trust as safe, except maybe to download something now and confirm its MD5 sum as being known good with several trusted sources in a week or two?
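The cross-check these comments describe (hash your own copy, then compare it with digests other people obtained independently) can be sketched as follows. This is an added example, not part of any poster's comment; the source names, file contents and quorum of two are constructed for illustration, and SHA-256 is the default here rather than the MD5 mentioned in the thread.

```python
import hashlib
import os
import string
import tempfile
from collections import Counter


def file_digest(path, algo="sha256", chunk_size=1 << 16):
    """Stream the file through the hash so large downloads need not fit in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def is_wellformed(hexdigest, algo):
    """Reject digests that were truncated or mangled in transit (e.g. by line wrapping)."""
    want = hashlib.new(algo).digest_size * 2
    return len(hexdigest) == want and all(c in string.hexdigits for c in hexdigest)


def cross_check(path, reports, algo="sha256", quorum=2):
    """Compare the local file against digests reported by independent sources.

    reports: list of (source_name, hex_digest). Each source gets one vote.
    Verdicts:
      conflict     - sources disagree with each other (someone was served different bytes)
      insufficient - fewer than `quorum` usable reports
      match        - all usable reports agree with the local file
      mismatch     - sources agree with each other but not with the local file
    """
    local = file_digest(path, algo)
    votes, malformed = {}, []
    for source, digest in reports:
        digest = digest.strip().lower()
        if is_wellformed(digest, algo):
            votes[source] = digest
        else:
            malformed.append(source)
    distinct = Counter(votes.values())
    if len(distinct) > 1:
        verdict = "conflict"
    elif len(votes) < quorum:
        verdict = "insufficient"
    elif local in distinct:
        verdict = "match"
    else:
        verdict = "mismatch"
    return {
        "verdict": verdict,
        "local": local,
        "malformed": malformed,
        "agree": sorted(s for s, d in votes.items() if d == local),
        "differ": sorted(s for s, d in votes.items() if d != local),
    }


def demo():
    """Run four constructed scenarios against a constructed stand-in file."""
    good = b"constructed stand-in for the downloaded image\n"
    bad = good + b"appended payload"
    fd, path = tempfile.mkstemp(suffix=".dmg")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(good)
        g = hashlib.sha256(good).hexdigest()
        b = hashlib.sha256(bad).hexdigest()
        cases = {
            "all_agree": [("mirror-a", g), ("friend-b", g.upper()), ("list-post-c", g)],
            "one_differs": [("mirror-a", g), ("friend-b", b)],
            "local_differs": [("mirror-a", b), ("friend-b", b)],
            "mangled_report": [("mirror-a", g), ("list-post-c", g[:17])],
        }
        return {name: cross_check(path, reps)["verdict"] for name, reps in cases.items()}
    finally:
        os.remove(path)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A "conflict" verdict is the case the earlier comment hedges against: a server handing different bytes to different clients shows up as disagreement between sources before the local file is even considered.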
People still download screensavers? (Score:5, Insightful)
It used to be all the rage... yes, starting with AfterDark decades ago, and finally culminating in WebShots a few years ago. But does anyone really do this nowadays? Seriously?
Maybe if it showed a random "babe/hunk of the day" while doing its nasty work it would be downloaded by more people...
Re:People still download screensavers? (Score:2)
Lots of people, unfortunately (Score:2)
People love nifty screen savers for some reason. Not sure why, when mine is active it's because I'm not at my desk, but most people are drawn to them.
Fighting Fire with fire (Score:3, Insightful)
The problem with spammers is a hopelessly outdated protocol for sending and relaying e-mail on the one hand, and on the other, governments failing to produce adequate legislation to combat spammers, scammers, and the like on the Internet.
Then think that most companies and business-oriented lobby groups fight hard to keep e-mail available as a direct marketing medium, the same way they would thoroughly object to a ban on telephone-based telemarketing.
We don't need a bunch of cowboys arming themselves with guns and taking out everyone they see as a danger to society/Internet, we need decent, solid legislation, and government commitment to take out spammers.
Re:Fighting Fire with fire (Score:2)
* I recently moved to another house. My new mailbox has no sticker on it (yet) saying I'm not interested in unaddressed advertisements. The amount of paper printed advertisements I receive amounts to a lot more volume than the amount of 'regular' mail.
* I get a lot of calls from telemarketers offering me insurances, mortgages, newspapers, cheap phone rates, etc.
* A company here in
This is why spam won't be kept at bay by anti-spam laws. Companies are trying feverishly to shove as much advertising down your throat as they possibly can. You are not an individual, you are a consumer, and they won't rest until they've pried your last penny from your cold, dead, hands.
And since, through lobbying, companies have a larger say in the legislation than the voter has in all western countries, this is not going away. Look at the broader picture.
Legislation against spam will always be easily avoided, because it is a rigid set of rules, not a flexible method. And putting a law into place takes several months or maybe years. Thinking of a way to get around it takes far shorter.
"...is bad, you know this" (Score:5, Insightful)
Re:"...is bad, you know this" (Score:2, Interesting)
No kidding (Score:2)
Seems like a hack... (Score:2)
Yes, since it's working now again, it was probably unintentional.
main cost of spam != bandwidth (Score:2, Insightful)
It could have been worse (Score:3, Insightful)
What next? Users attack hardware vendors for not releasing drivers for graphics cards? Political parties make screensavers which overload the web servers of the opposition? We do not want to go there.
I guess this time they should consider themselves lucky that someone didn't manage to remove positive control over the screensavers from Lycos, effectively turning their DDoS zombie network into a tool for spammers. It would have been such a sweet irony if the very network of DDoS-agents created to thwart spammers would be turned into a spamming network.
Why install a boring screen saver? (Score:2)
I might have had some fun for a while with a screen saver displaying random spammer's pictures, but without it, why bother...
There we go again... (Score:3, Insightful)
( ) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
(x) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
(x) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Re:There we go again... (Score:5, Informative)
The following are clearly completely untrue:
All the rest are HIGHLY unlikely to be correct. For instance you suggest this is illegal by selecting several options, yet you haven't pointed to any laws outlawing it.
Re:There we go again... (Score:3, Insightful)
If they're true, they're relevant. If they aren't true, they aren't relevant. That's pretty much the whole story.
Well let's take a look at these one by one. We must bundle "mailing lists...", "users of email...", "...two weeks...", "Anyone..." and "dishonesty..." because the first three are all results of the dishonesty thing. We can target their mail server if it's on a fixed IP or at least in a fixed netblock, but the URL in the spam could go anywhere. If you ddos a site linked from the email using an automated tool, and find out it is actually a totally unrelated website that they just wanted ddos'd because it's a competitor, you're going to feel like a real asshole, aren't you?
The only ones I don't agree with are the "Microsoft..." (they have nothing to say about it) and "Countermeasures..." since phasing it in gradually will work fine. I also agree that the "Armies..." is applicable because that's the real reason that this won't work. Until we find a way to stop PCs from turning into spam reflectors, we're going to have a spam problem, no matter what else we do to solve the problem.
DOS (Score:5, Interesting)
All Lycos is doing is send hits out to slow down a server. How is that different to posting a link in a news article in Slashdot? We all know that will get slashdotted, yet links are still posted. In both Lycos' and Slashdot's cases, something deliberate is done which causes a degradation in server performance. I don't see how it's any more of a DOS style attack than slashdotting a site.
Re:DOS (Score:2)
The difference is in the intent (Score:2)
This here is intentional loading of servers, for the purpose of using up resources. That's real different.
To give a parallel to different kind of law, take the unjustified death of a person. There's a whole range of crimes for it, and the big difference is based on intent. Manslaughter is when you kill someone, but didn't intend to do so. It could be because of something like gross negligence, vehicular, etc. You caused their death, and your actions or improper lack of action was the immediate cause, but you didn't intend for it to happen. Murder is when you did intend to kill them. The motivating force behind your actions was to cause their death.
Likewise, these two things are different. The effect may be the same, the intent is not.
An alternative and legal idea (Score:5, Insightful)
One of the problems with spam is all the companies selling software that 'sends ten million emails a day'. Given that this is hardly likely to be for legitimate use (does your company have 10 million subscribers?) here's a way to hurt their pockets.
Go to google
Search for bulk email software
Click once on every google ad on the RHS.
Repeat each day.
Every click costs the spam (sorry *direct marketing*) company maybe $0.05. If everyone on slashdot did it, these companies would be hit bigtime. Their ad budgets would be used up, and their conversion rate would be zero.
It's not going to rid us of spam, but it IS one way to fuck up the assholes that make this stuff so easy.
Cost more than a nickel my friend (Score:5, Interesting)
Re:An alternative and legal idea (Score:3, Informative)
I want people to stop calling it a 'screensaver' (Score:3, Insightful)
I downloaded this yesterday. What does it do apart from use up spammers' bandwidth? It keeps essentially the same non changing image up on the screen. Er no thanks. My shiny new 19" TFT isn't going anywhere near that.
I know CRTs can now cope with static images, but TFTs can't.
Personal responsibility (Score:3, Interesting)
Our government has no clue when it comes to technology. It's not the government's job ALONE to protect us. Sometimes we have to do it ourselves.
I'd like to see a version of this that DoS's banner ad services that do drive by malware installs...
Their Achilles' Heel is showing (Score:3, Insightful)
Spamming is prevalent because it is literally free of cost to the spammers. This tool threatens to raise the cost of spamming end via excessive bandwidth demands at the spammer server end. If the cost of spamming became prohibitive then spam would be extinct and they would not have the resources to retain hackers to carry out their malicious efforts like deceptive URLs and hijacking innocent PCs as spam boxes.
The Lycos tool makes that threat very real. The spammers know this and they have focused their attack on the tool.
If they take legal action arguing that attacks on their ISPs were damaging their livelihood, the same can be said of spammers' attacks on our inboxes and compromised PCs. When you accuse someone by pointing at them, there are always three fingers pointing back towards you.
Legislative actions are ineffective thanks to lobbying efforts from direct marketing organizations of which spammers are a member. The CANSPAM accomplishes nothing and trumps more aggressive state laws. If the government cannot provide relief, then the private sector will seek alternatives without their help.
It was only inevitable that this happened.
Begun, the spam war has.
Re:Attack! (Score:5, Funny)
News forgery (Score:4, Insightful)
This looks like news forgery to me. Is there any indication of a security breach at Lycos? All we seem to have is "an anonymous reader" telling Slashdot that the screensaver was compromised, and at least one blog repeating what has been said on Slashdot. Maybe this is just another PR stunt by Lycos, or a spammer trolling Slashdot?
With Lycos relying on Javascript to get their message out, I sure won't waste my time trying to decipher it. If they can tell me where the spammer websites are, I'll be happy to evaluate their opinion and take appropriate action against those sites myself, after careful consideration. Lend Lycos my hardware and IP address, so that they can mastermind a DDoS attack disguised as me? Certainly not.
Re:Not at all (Score:3, Informative)
Can anyone in the U.S. who is getting the h4x0r3d message verify this IP?
Querying a U.S. DNS server and a European DNS server yields the same result:
Both have the same Authority Section as well:
Does anyone know of a DNS server that yields something different?
Re:Attack! (Score:5, Insightful)
Spam is a huge amount of traffic on the net, that is my problem with it. Turning clueless Lycos users into antispambots will not DECREASE the traffic on the net but increase it. Also, if joe blow user gets a screen saver that DDOSs a.b.c.d and said spammer goes out of business resulting in cox cable giving my grandma a cable modem at a.b.c.d do you really think J Blow user is going to know to get his screensaver updated or are a large chunk of them going to run the initial screensaver as long as they ran Win 98 unpatched (forever)?
hopefully it's written better than that (Score:5, Insightful)
The spammer's response is a strong indication that it's a pretty good idea, and one they really don't like and see as an actual threat to them.
Re:Attack! (Score:3, Insightful)
(I'm not saying I think this is a good idea - but reading the article before making bogus critical claims would seem like a wise plan to me.)
Wrong. (Score:4, Informative)
"The sites targeted will come from blacklists generated by Spamcop and other anti-spam organizations"
http://www.spamfo.co.uk/News/Software/Lycos_ant
From a previous news article I had read, Lycos is just making it available to download, and marketing it so to speak, but another company developed it, and I'm guessing since the site is down/compromised, and that you can not access the black list, it's hosted somewhere other than Lycos. But I could be wrong.
Re:Attack! (Score:3, Funny)
Sounds like a lawsuit waiting to happen.
Re:Attack! (Score:2)
Re:Attack! (Score:3, Insightful)
What should be done is to simply put pressure on the ISPs hosting these spammers, and cut them off by blocking their mail-servers and even web-servers used to sell their goods.
The "spam attack" was a PR-stunt by Lycos (first tested in Sweden), which apparently back-fired now.
Re:Attack! (Score:5, Insightful)
The thing that totally bugs me is that ISPs are not cracking down more on zombies. The terms of service should state that the ISP can read your outgoing mail if you send more than 500 emails a day. They can then shut down your connection if you are sending spam. If all of the zombies were cut off, spam would likely be reduced by 80%.
I downloaded and installed the screensaver on Monday night. I like it. I certainly do not think that this is the perfect solution. But at least it may accomplish something! Every other spam tactic that I have seen to stop the source has amounted to a big fat nothing. Filtering your mail still works, but is a pain.
Re:Attack! (Score:3, Funny)
Comcast has an automated policy that if you send/receive some significant number of emails in some short time, it will block all messages from that email address. When I set up my new firewall I made the mistake of telling it to email me on every identified attack instead of just once per day. This ended up immediately issuing 6-10 emails per minute, and I didn't catch it until about 30-45 minutes later. The damage was already done. Three months later and I still can't get Comcast to unblock that email address. At least the wonderfully intelligent and helpful customer service rep on the phone was able to give me a new email addy to start using...
Re:Attack! (Score:5, Insightful)
My ISP blocks 25 by default. If you contact tech support and request that it be enabled they bump you to tier3 support, who quiz you briefly to ensure you are capable of securing it and then open it for you. Not a bad deal altogether. The quiz is really just a checklist:
1) You know port 25 is for a mailserver right?
2) Do you know how to configure your mailserver so it won't be an open relay?
3) Promise you won't send spam.
4) Port 25 is now open.
Works for me
-nB
Re:Works for me (Score:5, Insightful)
Do you know for sure it is the one you think it is?
Do you know for sure what your system is doing?
If the site had been compromised, how do you know that file is the one which was originally hosted there?
Re:Works for me (Score:2)
Re:Now we need a virus... (Score:2, Funny)
Re:good to see some ethics (Score:2)
read again (Score:2, Informative)
The point of this screen saver is to increase the running costs of those websites.
Who do you believe?
it's neither (Score:4, Interesting)
I don't believe it's either. The screen saver does not do a DNS, in fact it's written not to. The spammers obviously want a lot of traffic to their sites (they cram my mailboxes to try to get that traffic. Even started hitting my gmail mailbox tonight, and I've never given out that gmail address!). So I just see the application as a handy way to give them the traffic they want, maybe they can stop sending me so much mail to try to get it now. And it's hardly unethical. It's being done to try to stop or slow the scourge of the Internet. No ethical issues about it, these people not only cram inboxes to the extreme (some accounts where I get hundreds of pieces of spam a day are completely useless to me anymore), they have expanded their efforts to trojans and viruses to take over other systems. Any effort to slow or stop such people cannot be unethical.
Re:like i was gonna install it anway (Score:2, Insightful)
Re:slashdot the spammers (Score:2)
host and domain names of sites that permit spammers
http://www.arachnoid.com/lutusp/antispa
e-mail addresses of known spammers
http://www.arachnoid.com/lutusp/antispa