Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Spam IT

Lycos Anti-Spam Site Compromised [Updated] 520

An anonymous reader writes "Lycos, shortly after producing a screen saver to fight spammers using a DoS-style attack appears to have been hacked. Attempting to download the screen saver from lycos results in this message 'Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.' Or maybe it's just a joke -- can you ever tell?" Update: 12/01 15:07 GMT by T : According to Lycos, the defacement reports were actually just a hoax.
This discussion has been archived. No new comments can be posted.

Lycos Anti-Spam Site Compromised [Updated]

Comments Filter:
  • by Anonymous Coward
    If there are only a few large spamming... erm... entities, then I wonder how and when they'll finally be caught.
  • Ridiculous (Score:3, Funny)

    by bool morpheus() ( 689231 ) <morpheus2600@NOSPaM.xmsg.com> on Wednesday December 01, 2004 @03:04AM (#10961212) Journal
    They wouldn't let phone telemarketers threaten you into buying whatever product. Aww, let's all feel sorry for the poor spammers. Boo hoo hoo.
  • No surprise (Score:5, Interesting)

    by JuggleGeek ( 665620 ) on Wednesday December 01, 2004 @03:05AM (#10961214)
    I'm not surprised. Spammers, phishers, and other scammers have obviously been hiring geeks to write software for them for some time. Without that, they wouldn't have armies of owned machines ready to send out their spam for them, etc.

    The Lycos screensaver has gotten a lot of press, and could certainly put a crimp in the spammers pocketbooks, and spammers aren't honest, so why wouldn't they hack Lycos?

    • Re:No surprise (Score:3, Interesting)

      Exactly, your average spammer I'm sure does not have the coding skills you need for what damage spam wrecks (though I'm sure a few do). That was the first thing I thought, that they hired someone to compromise Lycos. However, do you think this could bring further legal trouble possibly to the blacklisted spam sites? Might be a reasonable cause to do some investigation....
    • Re:No surprise (Score:5, Insightful)

      by kasper37 ( 90457 ) on Wednesday December 01, 2004 @03:19AM (#10961270) Homepage
      Hiring geeks? How do you know it's not geeks themselves doing the spamming? Just because someone is smart and has networking/programming know how doesn't mean that they are immune to the draw of easy money.
    • Indeed, this has a danger of setting a precedent that abuse is to fought with more abuse. This is of course not the solution. Such a screen saver would be more helpfull if it analysed and gathered information about the origins of spam and then assisted in the systematic shutdown or firewalling of abusers, but that is just mho...

      • Re:No surprise (Score:4, Interesting)

        by tacocat ( 527354 ) <`tallison1' `at' `twmi.rr.com'> on Wednesday December 01, 2004 @04:29AM (#10961508)

        With a multi billion dollar reported earnings last year and well over 50% of the internet traffic, your arguements are far too little, far too late. There is a lot of information that can be gathered on the origins of spam.

        But what do you do with that information? I can go through my mail logs daily and get a list of owned DSL/Cablemodem users. But when I've attempted to contact the ISP's about these owned machines and having them approach their customers, they do nothing. The closest I came was the response from my own ISP, "You aren't supposed to run a mail server on your machine." If I depended upon their mail server I would be inundated with spam.

        Considering the damage and costs involved, I would have expected the ISP's to take more action then they have, but then it's a matter of economics. They are not responsible for the security of the network, which is a good thing. If they were, their reaction would be too Draconian.

        My opinion is that the ISP should be responsible for identification and elimination of owned machines on their subnets, or at least to help others achieve that goal. This can all be done today without taking some heavy handed approach to the matter, I just hope that fact doesn't get lost in the process.

        • when I've attempted to contact the ISP's about these owned machines and having them approach their customers, they do nothing.

          Some ISPs do. A friend of mine found one day when he tried to connect that all he could get was a site that told him "download this tool and clean out the worm that's making your PC spew out more infection, or we won't let you back on the net". That was NTL (in the UK) but I believe some other ISPs do that sort of thing too. And good for them!

          He downloaded and ran it. That pro

    • by Bigbutt ( 65939 )
      Exactly. Check this out, it's a job request posted to Guru.com:

      I am looking for a dedicated server provider that will host my business domains and provide POP3 emails for each domain.

      I might be open to a relationship where you do not provider the actual server, but you know of a reliable server provider and want to be my technical support person for the server and you will help me reach my hosting and email marketing goals. To be my technical support person you must already have a relationship with a rep
  • I am guessing that some of the spammers just changed their DNS records to make their domain names to point to the lycos site. Actually, now these spam targetted domains can be used as weapons, just by changing their DNS records. Well-done Lycos!

    Moderate this comment
    Negative: Offtopic [mithuro.com] Flamebait [mithuro.com] Troll [mithuro.com] Redundant [mithuro.com]
    Positive: Insightful [mithuro.com] Interesting [mithuro.com] Informative [mithuro.com] Funny [mithuro.com]

  • by Joosy ( 787747 ) on Wednesday December 01, 2004 @03:06AM (#10961219)
    Clearly it must be a joke, since a Lycos rep is quoted as saying: "There's a risk we will receive some denial of service attacks in the next few days but we are ready."
  • by account_deleted ( 4530225 ) on Wednesday December 01, 2004 @03:06AM (#10961220)
    Comment removed based on user account deletion
    • That's how to combat spam. Just /. the servers.
      • Actually, that's an interesting idea. Post the link from a piece of spam at the top of /. every day. Everyone who visits the site clicks on it a few times and doesn't buy anything. If the site is hosted in a conventional way, they will either use up their bandwidth allowance, or receive a huge bandwidth bill. If it is hosted by a zombie network, then we kick the host off the network and encourage someone to run antivirus software.
        • Re:obligatory (Score:3, Insightful)

          by caluml ( 551744 )
          Even better. Include a file from that server in the main page of slashdot, such as an image. However, this is just vigilantism. I have more bandwidth than you, so I'm right. A war doesn't show who is right, just who is left.
  • by Dancin_Santa ( 265275 ) <DancinSanta@gmail.com> on Wednesday December 01, 2004 @03:06AM (#10961221) Journal
    The way to "fight" spammers is by following the law and litigating against them. Childish things like using illegal hacking tools just puts gasoline on an already out of control blaze. More stringent laws and serious punishments for spammers is the final key to doing away with the vast numbers of spammers.

    The "technological" solution to spam has shown itself to be totally ineffective. The solution which has worked to not only put a small dent in the daily dose of spam but also enrich the general public has been to take the spammers to court and eventually to jail when necessary.

    Spam is like selling kids crack cocaine. No one wants that kind of shit in the neighborhood, but the only people willing to "take back the streets" are ninnies and other gang members.
    • The solution which has worked to not only put a small dent in the daily dose of spam but also enrich the general public has been to take the spammers to court and eventually to jail when necessary.

      Uh.

      Define "worked."

      My inbox is seeing *more* spam, not less, compared with three years ago.

      If we're going to be jailing people, we need to be jailing more than one token high-profile spammer every year. Just like a legitimate business, don't you think these douchebags have vice-presidents who run their ops wh
    • by Nykon ( 304003 ) on Wednesday December 01, 2004 @03:20AM (#10961273) Homepage
      Technology moves much faster then any of the law making parts of our government. A blanket law could harm innocent people, look at the rampant abuse of the DMCA? It had good intentions but was too broad and was abused for other purposes.

      Heck, even people in the infosec community have enough trouble keeping up with spammers from a defensive corporate security aspect, more less waiting for the government to do enough research to put together a law that may or may not be valid by the time it is voted on and put into action.

      Unfortunetly I think the spammers know this, and the best we can hope for is maybe stiffer fines. Then again with the money most of the big guys make off "email marketing", chances are they can afford a good enough lawyer to get them off the hook or a fine that will barely dent their pocket.

      Let's not forget the fact that laws are only valid for US spammers. You get a spammer using zombies or even servers in a country that could care less about American policy and laws, and all we have to fall back on is "technology' to aide us.

    • by metlin ( 258108 ) * on Wednesday December 01, 2004 @03:28AM (#10961296) Journal
      Really well said.

      Vigilante style justice does not always work out. For one, you open yourself up to illegal attacks from them, too.

      If I legally took a spammer to court and if he DDoSed me, it would only strengthen my case. I have the legal recourse to support my stand.

      However, if you did something like what Lycos did, what're you going to tell the judges? They hacked me for hacking them?

      As much as I'd love to see spammers get kicked in the nuts, this is not the path to take. It makes us no different from them.
      • My thought on this project was that Lycos were hoping that spammers would sue them. Since they can only do this by admitting to existing in a jurisdiction that has computer misuse legislation, Lycos (or, ideally, a third party) then has a valid target for lawsuits.

        As an aside: I scanned the UK's Computer Misuse Act yesterday, and was unable to find the clause that made DoS attacks illegal. Could someone point me to the part of this (or another) act that does?

    • by Anne Thwacks ( 531696 ) on Wednesday December 01, 2004 @03:29AM (#10961299)
      Since its pretty clear that the US law enforcement officers are unable to attack a doughnut, let alone anything to do with computers, I would not hold out much hope. Two spammers in 20 years is not a successful campaign.

      And dont tell me its not Americans that are responsible ... how comes all the adverts are for American companies?

      Follow the money. If American banks had their licence removed if they passed money to spammers, there would be no spam.

    • I have a link [hrw.com] that explains why litigation will NEVER work.

    • So what do you suggest the government/corporations/people do about this? Before you give any suggestions, note the following:

      1. Any decision must take longer than 6 months to reach. With few exceptions (Patriot Act, declarations of war, etc etc.) any piece of law in the government (at least the U.S. government) takes months to pass through the Senate and signed into law by the President. Therefore you CANNOT arrest someone, hold them until a bill passes and THEN jail them since everyone else under him would

    • by Ilgaz ( 86384 )
      http://www.spamcop.net/ [spamcop.net]

      Yes, I know some postmasters hate it, Korea just doesn't care and China directly ignores them...

      At least you do something legit and may have an effect. I saw lots of reports saying "ISP already took action" on lots of reports I send.

      Well, getting 400 mails (four hundred) on my Yahoo Plus/week, I took a decision. I only report spams in my native language to Spamcop. Being in scene for too long, I know 98% of TR ISP's actually take action against them since I know their admins.

      IMHO
      • The problem with going after hosts is that it's a reactionary measure. Remember:

        • Spam only takes one sale to be profitable.
        • Delays in reporting spam and delays in verifying it will mean the spammer can make that one sale.
        • It won't stop the e-mail, which is what we really want, because there's always the possibility they can stay open long enough for that one sale.
    • by ajs318 ( 655362 ) <sd_resp2NO@SPAMearthshod.co.uk> on Wednesday December 01, 2004 @05:52AM (#10961740)
      The problem is, spam is already illegal. We don't need new laws: we just need to enforce the ones we've got.

      It's been said on Radio Four that the biggest change ever to happen in the English courts was the one Joseph Swan [wikipedia.org] made. That's far from saying anything is old-fashioned -- what it really means is we got the law about right years ago. Just because someone's using a computer doesn't mean the old rulebook doesn't apply. Freakin' think about what these guys are doing and try to metaphorise it into pre-computer terms. In the Olden Days, the nearest thing to "botnet spamming" would be breaking into my house, stealing my envelopes and stamps, and posting fraudulent and unsolicited messages to people {including some you looked up in my address book}.

      Using someone else's computer without consent is quite clearly simple trespass. That's a civil offence. If you discover that your computer has been misused by someone else, you can sue them for trespass to chattels. Simple trespass becomes aggravated trespass -- a criminal offence -- if the intention is to commit another criminal offence {such as fraud, drug dealing, breach of copyright or trading in counterfeit goods}. It's also quite likely that whoever trespassed with your computer either used force {breaking and entering} or deception {burglary artifice} in order to access it. If they turned your computer into part of a botnet then they are quite probably guilty of aiding and abetting other criminal offences. You're probably in the clear because ignorance of the fact is a defence.

      The only thorny question now is, what about the fact that someone can be around the other side of the world as they are committing these offences? For the answer, we need to think about what would happen if somebody was standing on a boundary line between two jurisdictions committing an offence. Also, if someone commits an offence in one country which is also an offence in another country, then they can be extradited to stand trial in that other country {unless they would face the death penalty abroad but not at home; in which the Home Secretary / Minister of the Interior / analogous government person would usually intervene}.

      What we certainly don't need are more laws.
  • by Anonymous Coward
    Yes, hacking websites is wrong, you know this, you shouldn't be doing it. Your ip address and your actions have been logged and will be reported to your ISP for further action.
  • by Lost Race ( 681080 ) on Wednesday December 01, 2004 @03:06AM (#10961224)
    Lad Vampire [aa419.org] is still going strong. It's similar to the Lycos thing but only targets 419 scammers.
  • Someone was worried.
  • by the pickle ( 261584 ) on Wednesday December 01, 2004 @03:07AM (#10961228) Homepage
    ...if you're remotely surprised that this happened.

    ...
    ...
    ...

    Yeah, didn't think so.

    If something like this is ever going to work, it's going to have to be a lot more underground, just like the spammers.

    p
  • by lou2ser ( 458778 )
    If anyone is interested, this link still works:

    http://download2.makelovenotspam.com/screensavers/ MLNS_screensaver_en.exe [makelovenotspam.com]
  • by Mordant ( 138460 ) on Wednesday December 01, 2004 @03:09AM (#10961238)
    Not only because the command-and-control server can be hacked and the hosts running the screensaver turned into a botnet used to launch DDoS attacks, as we see - but because a) the veracity of the so-called 'target list' cannot be verified to the degree necessary to make this even theoretically sensible (i.e., it could be gamed by those submitting false spam reports to induce the system to attack innocents, not to mention the PCs of innocents which have been compromised as spam-proxies along with the network infrastructures of their ISPs), but outbound DDoS can be just as devastating as inbound DDoS.

    This is the stupidest idea ever. I hope several someones end up suing Lycos over this, it's just moronic.

    -All- security measures should be predicated upon the sentiment expressed in Hippocrates' _Epidemics_ (-not- the Oath, that's a popular misconception) - '. . . first, do no harm'.
    • not to mention the PCs of innocents which have been compromised as spam-proxies

      To paraphrase another thinker-type, John Selden:

      "Ignorance of the machine excuses no user."

      Just because they didn't *intend* to get their box compromised doesn't mean they're entirely innocent, either.

      p
    • by flyingsquid ( 813711 ) on Wednesday December 01, 2004 @03:45AM (#10961360)
      I agree. We should not be going after spammers with internet attacks.

      We should be going after them as angry mobs armed with pitchforks and torches.

  • by Mia'cova ( 691309 ) on Wednesday December 01, 2004 @03:10AM (#10961241)
    Report me? haha. Knowing my ISP, they'd probably increase my bandwidth.

    I hope the guys who attacked Lycos are getting hit hard by their service. Keep it up Lycos! You're obviously hitting a nerve.
    • you do realise that this lycos operation is really mostly just increasing costs on normal isp's, who won't even probably be able to bill the actual spammers for the bandwith in the first place.. ..so it's really adding to the problem, problem of bandwith getting wasted by the spam problem.
  • by lachlan76 ( 770870 ) on Wednesday December 01, 2004 @03:11AM (#10961245)
    This kind of tactic, if not outright illegal, is a grey area...now perhaps, if you simply made a script to go through the emails, put every link on a list, and used spare bandwidth to request pages from all of the links that have been sent, that could be legal, but still a grey area.

    What I don't think is a good idea is a company deciding who deserves to be DDoSed. In that sense, it is little better than MyDoom, which also attacked unpopular companies.

    Personally, I think we should try to take down companies that use spam for advertising legally, rather than using a DDoS. But I might not have the popular view, you never know.
    • What US law would you like to apply to a Chinese email server admin?

      You think Congress passing a law is going to make it at all enforcable in countries that feel free to tell Americans where they can shove it?

      Legality is a joke when enforcing something like spam on the internet. If you get China to crack down, which you won't, then the 25lb servers just get shipped to India, Pakistan, russia, east europe, sout america... Hell. Anywhere.

      Furthermore, some now do, and more will, use bot networks of rooted W
      • I meant to use a method of removing spammers from the internet that is not illegal.
      • What would be good, is a way to check the os of the box sending you traffic, if it's windows then drop the mail.
        Seriously, every single spam i've recieved today has been from a windows machine, while every legitimate mail has been from some form of unix, if we were to reject mail coming from windows hosts we could cut out a vast majority of it.
  • That screensaver is probably already circulating on P2P networks as well as FTP and Instant Messenging.
    • The problem is, if you didn't get it when the getting was good, what source do you trust now? How do you get a copy of the screen saver and know that it's safe to run and that it doesn't contain a spammer's trojan to own your system (and spam from it)? I certainly wouldn't trust something I got from a P2P network this way. And I expect people will even hesitate to trust the Lycos site for at least a while, since we know the spammers can control that site.

      Maybe a source code copy that you could compile your

  • by Prairiewest ( 719875 ) on Wednesday December 01, 2004 @03:17AM (#10961261) Homepage
    I'm amazed that Lycos thinks this will actually work, simply from the fact that I do not know anyone that has downloaded a "screen saver" for their computer in the last year.

    It used to be all the rage... yes, starting with AfterDark decades ago, and finally culminating in WebShots a few years ago. But does anyone really do this nowadays? Seriously?

    Maybe if it showed a random "babe/hunk of the day" while doing its nasty work it would be downloaded by more people...
  • by lennart78 ( 515598 ) on Wednesday December 01, 2004 @03:19AM (#10961267)
    I hate spam as much as the next person, but I'm having serious doubts about this project. How easy might it be to target this system to a legitimate website and turn the thing into a botnet for DDoS-attacks, and stuff like that?

    The problem with spammers is a hopelessly outdated protocol for sending and relaying e-mail on the one hand, and on the other, governments failing to produce adequate legislation to combat spammers, scammers, and the like on the Internet.
    Then think that most companies and business-oriented lobby groups fight hard to keep e-mail available as a direct marketing medium, the same way they would thoroughly object to a ban on telephone-based telemarketing.

    We don't need a bunch of cowboys arming themselves with guns and taking out everyone they see as a danger to society/Internet, we need decent, solid legislation, and government commitment to take out spammers.
  • by Romancer ( 19668 ) <`moc.roodshtaed' `ta' `recnamor'> on Wednesday December 01, 2004 @03:25AM (#10961287) Journal
    And hacking websites that attack spammers is fine.
    • On a side note, can we petition Slashdot to have a rotating link to spammers websites or the links in the spam they send. You know, to show we're looking at what they want to show us... a lot... a whole lot, enough to crash their bane of the internet.
    • All I have to say is go ahead, report it to my ISP. I'll then ask them to turn the report over to the attorney general so they can go after you for hacking, spamming and harassment. :)
  • Or maybe it's just a joke -- can you ever tell?

    Yes, since it's working now again, it was probably unintentional.
  • The main cost of spam is not the extra bandwidth it consumes. It's the human time lost in sorting the real mail from the crap every goddamn day. If by fighting it we (temporarily) double or triple the bandwidth wasted, I say, who cares?
  • by borud ( 127730 ) on Wednesday December 01, 2004 @04:10AM (#10961456) Homepage
    First I have to say that I didn't like Lycos' DDoS-screensaver one bit. (And yes, while Lycos are technically trying to not quite floor the spammers' infrastructure, this is a distributed denial of service attack in form, and denying this just looks silly). It opens the door for corporate vigilantism and it certainly sets a bad example for others.

    What next? Users attack hardware vendors for not releasing drivers for graphics cards? Political parties make screensavers which overload the web servers of the opposition? We do not want to go there.

    I guess this time they should consider themselves lucky that someone didn't manage to remove positive control over the screensavers from Lycos, effectively turning their DDoS zombie network into a tool for spammers. It would have been such a sweet irony of the very network of DDoS-agents created to thwart spammers would be turned into a spamming network.

  • They say that the screen saver downloads the pages, but that it does not display them. If they take the only potential fun out of it, who do they expect to actually use their silly thing?

    I might have had some fun for a while with a screen saver displaying random spammer's pictures, but without it, why bother...
  • by arnoroefs2000 ( 122990 ) on Wednesday December 01, 2004 @04:32AM (#10961515) Homepage
    Your company advocates a
    () technical ( ) legislative () market-based (x) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (x) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (x) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    (x) Microsoft will not put up with it
    (x) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (x) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    (x) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    (x) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    (x) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Extreme stupidity on the part of people who do business with Microsoft
    ( ) Extreme stupidity on the part of people who do business with Yahoo
    (x) Dishonesty on the part of spammers themselves
    (x) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    ( ) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    (x) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    (x) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    ( ) Sorry dude, but I don't think it would work.
    (x) This is a stupid idea, and you're a stupid company for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
    • by evilviper ( 135110 ) on Wednesday December 01, 2004 @06:30AM (#10961865) Journal
      You're wrong on so many counts here, it's amazing...

      The following are clearly completely untrue:
      (x) Mailing lists and other legitimate email uses would be affected

      (x) It will stop spam for two weeks and then we'll be stuck with it
      (x) Users of email will not put up with it
      (x) Microsoft will not put up with it
      (x) Requires immediate total cooperation from everybody at once
      (x) Anyone could anonymously destroy anyone else's career or business
      (x) Jurisdictional problems
      (x) Dishonesty on the part of spammers themselves
      (x) Countermeasures must work if phased in gradually


      All the rest are HIGHLY unlikely to be correct. For instance you suggest this is illegal by selecting several options, yet you haven't pointed to any laws outlawing it.
  • DOS (Score:5, Interesting)

    by Gilesx ( 525831 ) * on Wednesday December 01, 2004 @04:33AM (#10961518)
    "DOS style attack"? Hardly - it actively monitors the servers to prevent them going off line. A DOS attack goes all out to take a server down.

    All Lycos is doing is send hits out to slow down a server. How is that different to posting a link in a news article in Slashdot? We all know that will get slashdotted, yet links are still posted. In both Lycos' and Slashdot's cases, something deliberate is done which causes a degredation in server perfomance. I don't see how it's any more of a DOS style attack than slashdotting a site.
    • It is a DOS attack. The screensaver denies the spammers their internet service. If they're paying for a 10mbit connection and getting a 128kbit connection then they're being denied the service they pay for.. The fact it doesn't completely deny their service is irrevelevant.
    • Intent counts in many legal systems, and certianly in the US which is the relivant one. The intent of linking to a site on /. or most places is to show someone something cool. You see something you like, you send it in, the editors also like it, they link it. Now if it has the consequence of knocking out hte server, well, sorry, that wasn't what we were going for, just lots of people are interested.

      This here is intentional loading of servers, for the purpose of using up resources. That's real different.

      To
  • by cliffski ( 65094 ) on Wednesday December 01, 2004 @06:19AM (#10961832) Homepage
    Does this make sense? Ive seen it suggested somewhere:

    One of the problems with spam is all the companies selling software that 'sends ten million emails a day'. Given that this is hardly likely to be for legitimate use (does your company have 10 million subscribers?) heres a way to hurt their pockets.

    Go to google
    Search for bulk email software
    Click once on every google ad on the RHS.
    Repeat each day.

    Every click costs the spam (sorry *direct marketing*) company maybe $0.05. If everyone on slashdot did it, these companies would be hit bigtime. Their ad budgets would be used up, and their conversion rate would be zero.

    Its not going to rid us of spam, but it IS one way to fuck up the assholes that make this stuff so easy.
    • by Blitzenn ( 554788 ) on Wednesday December 01, 2004 @08:28AM (#10962291) Homepage Journal
      Those ads cost more than a nickle to click on my friend. Depending on the populatiry of the search, one click can cost as much as $20.00, (that I have seen myself). My company uses this advertising method and it has been successful so far. Our per click advertising average is about $13.00. That's definatelyy per click too. I am sure other people who use this form of google ad can confirm this.
    • BTw, we sell hardware. We do not send out unsolicited email. Your method would wrongfully harm a number of upstanding companies that hate spam too. YOu have to identify which ones are the culprites before your proceed down a road like that.
  • by IainMH ( 176964 ) on Wednesday December 01, 2004 @06:48AM (#10961919)
    It's more like a 'screendestroyer'

    I downloaded this yesterday. What does it do apart from use up spammers bandwidth? It keeps essentialy the same non changing image up on the screen. Er no thanks. My shiny new 19" TFT isn't going anywhere near that.

    I know CRTs can now cope with static images, but TFTs can't.
  • by WCMI92 ( 592436 ) on Wednesday December 01, 2004 @08:41AM (#10962379) Homepage
    I have no problem fighting them in this way, so long as the software is careful and uses the more conservative and less political blackhole lists (such as SpamHaus).

    Our government has no clue when it comes to technology. It's not the government's job ALONE to protect us. Sometimes we have to do it ourselves.

    I'd like to see a version of this that DoS's banner ad services that do drive by malware installs...
  • by AnalogDiehard ( 199128 ) on Wednesday December 01, 2004 @02:46PM (#10965984)
    This is an act of desparation of the spammers. By this action they have exposed their achille's heel.

    Spamming is prevalent because it is literally free of cost to the spammers. This tool threatens to raise the cost of spamming end via excessive bandwidth demands at the spammer server end. If the cost of spamming became prohibitive then spam would be extinct and they would not have the resources to retain hackers to carry out their malicious efforts like deceptive URLs and hijacking innocent PCs as spam boxes.

    The Lycos tool makes that threat very real. The spammers know this and they have focused their attack on the tool.

    If they take legal action arguing that attacks on their ISPs was damaging their liveliehood, the same can be said of spammers' attacks on our inboxes and compromised PCs. When you accuse someone by pointing at them, there are always three fingers pointing back towards you.

    Legislative actions are ineffective thanks to lobbying efforts from direct marketing organizations of which spammers are a member. The CANSPAM accomplishes nothing and trumps more aggressive state laws. If the government cannot provide relief, then the private sector will seek alternatives without their help.

    It was only inevitable that this happened.

    Begun, the spam war has.

Keep up the good work! But please don't ask me to help.

Working...