Lycos Anti-Spam Screensaver Brings Down Spam Sites

ChairmanMeow writes "According to BBC News, the screensaver released by Lycos Europe that targets spam websites has been a bit too successful at targeting spam sites, bringing down two sites, with a third responding intermittently, and raising concerns that the screensaver amounts to a DDoS attack against spam sites. Of course, spammers deserve to be punished, but will DDoS attacks against spam websites help to curb the problem of spam?" While the screensaver allegedly throttles back when a site slows, it would seem it's being a bit overzealous.

Bad? No way.

[Malevolyn]

It's nothing illegal. Just packet spam.

Re:Bad? No way.

[networkBoy]

Really,
Is there anything legally wrong with this?
It's not a "bot" army in that the owners of the PC's opted in to do this.
-nB

--
Damn 2 min between posts BS has got to go. Should be limited to within topics or something :grrr:

Re:Bad? No way.

[neitzsche]

Vigilantism (sp? Is that even a word?) is legally risky at best. I would love to see lawmakers specifically exempt Lycos in the specific anti-spam effort. I'd also like to see lawmakers pass laws that increase spam penalties to death by slow and painful torture. Maybe that's just me.

But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn? My USA Lawmakers seem ignorant (at best) when it comes to technology issues. Furthermore, making an exception for spam only would likely open the door to tremendous abuse. Would GWB authorize DDOS against non-Republican affiliated endeavors?

It's a slippery slope. As much as I like the concept, my doubts are not being assuaged.

Berman tried that

[www.sorehands.com]

Last year, Berman tried to pass a copyright measure [com.com] which would immunize a copyright holder's efforts to stop someone from violating their copyright -- hacking into their system to remove the material, take it off the network, or shut it down.

Re:Berman tried that

[Anonymous Coward]

*blink* oh, yeah, really clever law.
RIAA hacks into someone's computer.
Person has no legal recourse against RIAA
Person hacks back and knocks the RIAA off the internet / nukes their network / whatever
The point is that when there's no peaceful resolution (i.e. a court settlement), then everything descends into a non-peaceful solution, i.e. a free for all. And, simply, the RIAA wouldn't have much of a case in the courts against someone for the counter-hack - IANAL but if the person hacked CANNOT defend themselves against it in the courts (particularly if nothing infringing was found) then to hack back to prevent yourself from being attacked is self defence, defence of property not person, but nontheless self defence.

The other possibility is that with all the hacking and counter hacking going on, firewall and other defensive technology should improve no end, which is good. Eventually the computers will all be locked up so tight that it ends in a stalemate, with a situation identical to that today, except that it'll be because no-one can get into the other's computers, rather than because it's illegal.

Quite simply, if the law refuses to protect something or someone then the law can't complain when someone or something protects itself. That's got to be written down somewhere.

Although I'm probably entirely wrong because IANAL at all, in any way, shape, or form.

Re:Berman tried that

[dgatwood]

The point is that when there's no peaceful resolution (i.e. a court settlement), then everything descends into a non-peaceful solution, i.e. a free for all.

Welcome to the Internet. :-)

No, seriously, the 'net was founded on principles of consensual anarchy. That's the way it has always been, and the way it always should remain. By signing onto the Internet, the spamming companies agreed to join a transnational network that was effectively above the laws of any one nation. If someone wants a protected little world, they should wall themselves off from the 'net behind eight firewalls and never communicate with the rest of the universe. If a whiny, crybaby spam business wants to fight against it, let them try. Next time, the 'net's tendency towards autocorrection will ensure that they get BGP blackholed for all eternity.

The right solution for solving spam is not one of government. We don't need laws to make DOS attacks on spammers legal because they were never illegal to begin with. They agreed implicitly to accept whatever the Internet threw at them when they signed on. This is the way the Internet has always worked---when polite discourse fails to correct the error of one's ways, the 'net's response is to isolate the problem in the harshest possible manner to serve as an example to others who might choose to also act in ways that are harmful to the best interests of the 'net.

There's simply no other mechanism for solving this sort of problem other than everyone giving up on unsigned SMTP, and since too many people aren't willing to do that, the only alternative is to simply packet-spam the spammers into oblivion. I say, let their routers burn.

Re:Berman tried that

[Anonymous Coward]

I *really* like the sound of the phrase let their routers burn. Beautiful. Thank you.

Re:Berman tried that

[neitzsche]

The right solution for solving spam is not one of government. We don't need laws to make DOS attacks on spammers legal because they were never illegal to begin with.

Dude, that is like, what, +500 insightful? I wish I could un-post so that I could mod you up.

Re:Berman tried that

[gokeln]

Big problem here. The most powerful win, at everyone else's expense. It seems fine when applied to spammers, but if somebody powerful decides they don't like you anymore, you're off the net, or worse. There has to be some kind of legal protection, as the ubiquitous network becomes a necessity of living, both for the powerful and for the average-joe.

Re:Berman tried that

[Mant]

The net was founded by the military to make a distributed system that could withstand a nuclear attack. It was then used by academia to exchange information. Then the geeks and techie types outside those groups got in on it, finally the rest of the world, including big business and so government attention.

It certainly went through anarchic times, and is still pretty anarchic, but I think it is a stretch to say it was founded on it. As for above national law, why? Because it wasn't enforced for a while? Wh

Two great examples

[poptones]

of why we need to further evolve the internet. Back when it was limited to academics and fringe kooks the server/client model was valid, but as its becoming a broadcast medium it needs to evolve past antiquated notions.

Universal broadband - even constrained geographically (ie we are all broadband peers in our neighborhood/block/town whatever) will make both ddos attacks and hacking individual machines ineffective. Imagine how popular radio would have been all those decades ago if more listeners caused the

Re:Bad? No way.

[pcmanjon]

One of the spam sites www.moretgage.info has changed it so it has a meta refresh tag to redirect traffic to lycos.

Interesting, but I don't think the screensaver actually renders and executes HTML code, it just does a GET, meaning the redirect would do nothing, right?

If it does execute code, (which would be a security hole vuln.) then I suggest they just do a get on www.moretgage.info/fakepage -- which isn't apparently blocked.

Re:Bad? No way.

[LiquidCoooled]

The screensaver isn't doing everything though.

All the news sites covering the DOS attack are spreading word of the attack.

They are loading the site themselves because of a link in the news report or a forum comment.

Re:Bad? No way.

[oexeo]

Interesting, but I don't think the screensaver actually renders and executes HTML code, it just does a GET, meaning the redirect would do nothing, right?

It depends how the redirect is implemented, a META refresh would probably not work, but a HTTP "Location:" header might.

Re:Bad? No way.

[Eric Savage]

Only if it's a "real" HTTP client and actually follows them, which I doubt it does.

Now a CNAME on the other hand...

>:)

Re:Bad? No way.

[oexeo]

> Err ... I think you're wrong.

No you are wrong. If you alter the Location directive to point to a page other than the page requested, *most* clients will follow it.

Re:Bad? No way.

[pcmanjon]

"No you are wrong. If you alter the Location directive to point to a page other than the page requested, *most* clients will follow it."

Yeah, but this is to hoping the screensaver is a jury-rigged HTTP client that just does a GET request and downloads the content from the server (meaning it doesn't support the full http 1.1

Re:Bad? No way.

[oexeo]

In theory you need a 302 response, but I have yet to see a browser, or other common HTTP client which doesn't work without it.

I have on the other hand seen badly designed clients which will only accept a 200 response, and reject any other response code.

The parent (to my post) was suggesting that all clients will ignore a location directive unless told to follow it, which is not true.

Re:Bad? No way.

[vacuum_tuber]

One of the spam sites www.moretgage.info has changed it so it has a meta refresh tag to redirect traffic to lycos. Interesting, but I don't think the screensaver actually renders and executes HTML code, it just does a GET, meaning the redirect would do nothing, right?

Right. Pretty much all of the recent news stories about this got it 100% wrong. In fact, from a sample HTTP request someone posted in one of these Lycos threads here, the screen saver doesn't even request a valid file. It generates a GET or POST intentionally formulated to generate a web server error response. Very clever. Not so clever are all the whiners and speculators who erroneously presume things like the imagened vulnerability of the Lycos tool to HTTP redirection.

Re:Bad? No way.

[drakaan]

Host headers, look 'em up.

Re:Bad? No way.

[severoon]

Well, wait a minute. It's clearly unethical if the screensaver sends random data to these spammers web sites--that's clearly a DDoS attack. On the other hand, if it's not random data and it's, say, business opportunities and offers of various useful products that the spam sites might want to know about, I'd say this screensaver is providing a valuable service to them!

Re:Bad? No way.

[Jim_Maryland]

It's clearly unethical if the screensaver sends random data to these spammers web sites--that's clearly a DDoS attack

Wouldn't the fact that we've all gotten spam from a site constitute a previous business interaction (of course initiated by the spammer)? Maybe the screensaver just needs to send a unsubscribe link to another spammers site. Lycos could claim that the unsubscribe link was coded in error.

Re:Bad? No way.

[ArcticCelt]

I think we are on something here! The screen saver should send something through the GET like:
http://www.spamersite.com/?do_you_want_to_increa se_you_bandwich_by_three_full_gb

Re:Bad? No way.

[museumpeace]

What if we frame it this way:
Lycos did not itself or via its employees directly take this action. they gave the victims of the spammers a way to fight back. The people who have not asked to have their inbox crambed with unwanted, often fraudulent emails have the feckless help of a few antispam laws and not much else except to change addresses often. I am sure the spammer didn't ask for all those pings or whatever the Lycos spammerjammer does...turnabout is fair play.

Re:Bad? No way.

[Simonetta]

But there's a big problem with the concept of legalizing even such specific vigilante acts. Where does the line in the sand get drawn?

Thank you for your interesting comment.

The spam problem has been inadvertently created by the internet designers and should be addressed and eventually solved by the web designers. This is not an area where legislators need concern themselves. They don't have to pass laws about everything. After all, that would only perpetuate the illusion that technical problems c

Re:Bad? No way.

[name773]

Spam is a bit harsh; the lycos screensaver is a legitimate bulk packet sender.

Re:Bad? No way.

[Tackhead]

> Spam is a bit harsh; the lycos screensaver is a legitimate bulk packet sender.

Exactly. If the mortgage guys don't like the packets coming from our screensavers, why haven't they sent us any opt-out requests?

Re:Bad? No way.

[Rei]

I can just picture the packets now. They try to send to every destination port on the target machine, the control bits are always set to "Urgent!" (URG), the source IP is deliberately set incorrectly, the data segment is malformed and contains a fake "opt out" message at the end...

Re:Bad? No way.

[Geminus]

The really bad people are the ISPs. I know some folks at MCI and AT&T... they know their customers are spammers, but as one MCI rep said, "They pay." Some ISPs would be shut down due to a lack of revenue if it weren't for these little providers harboring these SMDs (Spams of Mass Dissemination) I say we should call nato and organize a fact finding investigation. Now let's liberate some servers!

They Opted In

[PetoskeyGuy]

When someone sends a SYN, you don't have to respond with an ACK. If they don't like it, they should delete those packets and get on with their day.

Whiners

Re:Bad? No way.

[Jaysyn]

I think my screensaver has quit attacking, it just fades to gray with the text "stay tuned" at the top.

Jaysyn

Re:Bad? No way.

[tomhudson]

It's sad though, because people are getting attacked who are innocent.

These people were far from innocent

One reply from a guy who is being attacked:

"One israeli company that was supposed to sell our paintings spamed the
internet,
and loaded pictures from our site to save on their traffic.

Come on, they deserved what they got. They hired someone to spam people ("sell our paintings on the internet") - they should have checked out just "how" they were going to accomplish this.

Wilfull ignorance is no defense.

We have no direct connection to this spam.

Bullshit. They paid someone to spam people, and now they're trying to say it's not their fault. They should have done their due diligence and asked just how this spammer proposed to market their paintings.

Actually...

[Anonymous Coward]

It's according to Netcraft [netcraft.com]. Their story is Spam Sites Crippled by Lycos Screensaver DDoS [netcraft.com], followed by Lycos Screensaver Site Blocked by Internet Backbones [netcraft.com] and Lycos Screensaver Site Changed, Now Says "Stay Tuned" [netcraft.com]. F-Secure also says spammers are beginning to fight back [f-secure.com] by redirecting traffic back to Lycos.

Come on people, primary sources! This isn't elementary school.

So I guess you really CAN say it this time....

[WebCowboy]

...NETCRAFT CONFIRMS IT
the Lycos screensaver is dying (but it'll take a few spammers down with it)

What's really cool is...

[jd]

This is the second time this week that a major news site has cited Slashdot as a major news vendor and partial source for their story. (The Guardian did a few days ago.)

We could be seeing a dotslashing (a reverse Slashdot) where this site is bombarded by visitors because of all the links to it.

The really terrifying part is that non-geeks will get to see how geeks communicate...

Re:What's really cool is...

[ryanmfw]

see how geeks communicate...

Uh, they probably won't see much communication here...

Cheers, Ryan

Quick!

[powerlinekid]

Post the links to the sites it targetted, we can finish them off!

Re:Quick!

[shdragon]

Ask & ye shall receieve.

www.bokwhdok.com [bokwhdok.com]

rxmedherbals.info [rxmedherbals.info]

blundering.subbvbvf.com [subbvbvf.com]

http://m39.computergearplus.com [computergearplus.com]

www.artofsense.com [artofsense.com]

printmediaprofits.biz [printmediaprofits.biz]

Re:Quick!

[powerlinekid]

Fatality!

Re:Quick!

[Jaysyn]

Art of Sense is the only one of those that still loads. Text from the front page.

"Welcome to Art Of Sense Studio by Alvi Siren.

Special note: We are an innocent victim of Lycos anti-spam program and our lawyers preparing a lawsuit against it."

Does anyone have any SPAM from these guys to debunk that claim?

Jaysyn

Re:Quick!

[LiquidCoooled]

To me, it seems their marketing campaign has gone the wrong way.

I don't see any problem with email offers as such as long as they are above board so to speak, for instance because I have signed up for a company, or expressed an interest in a product.

Up until recently they had an email signup form on the web, and its not difficult to signup anyone you want, the site is quirky enough to raise a laugh amongst friends (I went through a phase of signing up folks to knitting pattern newsletters!).
(Archive link: http://web.archive.org/web/20040202064714/www.arto fsense.com/signup.html [archive.org])

On the signup page, they do state that they never sell emails or pass to others, which considering the whole look and feel of the site (small family art business) seems like a reasonable line.

Now, if one of those friends was on Lycos and marked it as spam its quite feasible that the Lycos engine has taken it onboard as spam.

This could mean Lycos makes no distinction between a reasonable prospective mailing from a small reputable company and the hardened multimillion hidden linkage spyware infested crap.

But then again, I'm possibly very wide of the mark.

Re:Quick!

[oexeo]

All those links are down, do you have any mirrors?

Fixed list of sites

[Ed Avis]

They released the screensaver with a fixed list of sites? I thought it would look through your Spam folder in your mail client and visit each web site mentioned there; a much fairer way to do things and perhaps legally safer too.

I know someone has previously suggested making mail clients download every link in a message; the idea is that if everyone did this then spammers would even have an incentive to get 'unsubscribe' working. Yes, it does confirm that your address is live; so what, it was on the spam list anyway.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Fixed list of sites

[The Ultimate Fartkno]

This [hillscapital.com] is close to what you're looking for. (It's IE only, though.)

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Quick!

[powerlinekid]

A reverse slashdotting of slashdot? You anonymous coward are a clever one.

Hmm.

[digitalgiblet]

Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...

Re:Hmm.

[colman77]

No, it's not- it's fighting back. This should serve as a lesson to those spyware kiddies, too. It's about time these malware losers got a taste of their own medicine.

Re:Hmm.

[discord5]

No, it's not- it's fighting back

Let's take this to the non-geek world, and compare this to advertising folders that get shoved down your mailbox every day. This is basicly the same thing as going to the companies that distribute those folders, and shoving their mailbox full of folders untill their hallway is full.

While it might be funny to do this, it's definatly more of a crime than shoving one folder down a mailbox that says "No commercial print".

Re:Hmm.

[HybridJeff]

No, its like telling evreyone on your street to take their own ads and drop them in the mailslot of the advertising company. If I drop off off one add it isnt my probalem that 200 other people did the same thing too. Or 2000, or 200,000 other people.

Re:Hmm.

[IgnoramusMaximus]

While it might be funny to do this, it's definatly more of a crime than shoving one folder down a mailbox that says "No commercial print".

Crime? What crime?! "Return to sender" is a crime now?! When did you become so slavishly subservient to corporate idiocies like "direct mail campaigns" which deforest the planet that you would even dream of this being illegal!?

And by the way, "no commercial print" is going to get you nowhere. In most places you do not own the space within your mailbox, it belongs to the

Re:Hmm.

[djdavetrouble]

It's only funny til someone gets hurt.......... then it's hilarious !

Re:Hmm.

[Kris_J]

I think it's more like tens of thousands of people sending the occasional fax to the main reception number of a company that never respects your "no junk mail" sticker on your mailbox.

Sounds like fun.

Re:Hmm.

[tzanger]

Let's take this to the non-geek world, and compare this to advertising folders that get shoved down your mailbox every day. This is basicly the same thing as going to the companies that distribute those folders, and shoving their mailbox full of folders untill their hallway is full.

While it might be funny to do this, it's definatly more of a crime than shoving one folder down a mailbox that says "No commercial print".

Why is it "definitely more of a crime"? Maybe I'm just thick but I have as much of a

Re:Hmm.

[k98sven]

Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer...

Yes, but you'd have to make that mass-murderer. Which means all the difference, I'd say.

A spammer targets millions of people who have to put up with their junk in their mailboxes and on their networks.

A DDOS attack is thousands of people targeting a single individual.

Besides, if thousands of people are independently of each other voluntarily accessing these particular sites, then there's no crime in that. (AFAIK, you can't be convicted of 'conspiracy to disable an internet server through requests')

I don't generally condone vigilante justice, but this is no more criminal behaviour than what thousands of Slashdotters engage in every day. Only with a different aim.

Re:Hmm.

[iphayd]

Isn't this more like having the entire neighborhood join the neighborhood watch, then post everyone around the perimiter of a pedophile's property?

online lynchings

[Random_Goblin]

Isn't this more like having the entire neighborhood join the neighborhood watch, then post everyone around the perimiter of a pedophile's property?

the trouble with mobs and vigilanes though is they are not very just, and can't be relied on not to attack the pediatrician [madbadorsad.org] by mistake.

lynchings are generally considered bad things for a reason, and this is what this screensaver amounts to online lynchings.

Which is a very good idea...

[raehl]

... as least until one of your arsonists accidentally burns down the murderer's neighbor's house.

Re:Hmm.

[drinkypoo]

Look, they can send you spam for any kind of tenuous "business relationship". Why can't I send them packets under the same terms? If they send me an email, then we have a business relationship, right? I'm just visiting their website... 20349875029375 times.

Re:Hmm.

[legirons]

"Using a DDOS on spammers is kind of like sending an arsonist to burn down the house of a murderer..."

except without the fires and dead people...

Re:Hmm.

[NetFu]

No, no, no. You're looking at it in the wrong scale.

What we're talking about here is like everyone in a neighborhood going to the house of their local Jehovah's witness or door-to-door salesman and constantly knocking on their doors to try to sell THEM something.

Or an even closer equivalent would be a screensaver that would call telemarketers over and over and over again to "inform" THEM that you don't want anything they want to try to sell you.

It's an disruptive, pre-emptive attack against people who do the same thing to all of us every day. To equate either act to murder or arson is insane!

Re:Hmm.

[oexeo]

I think it is more akin to a group of people going over to a murderer's house and beating him to death with baseball bats.

Nothing wrong with that.

Of course not! So long as you're ready for more guys with baseball bats paying you a visit (since you are now a murder).

Anyone Thinking about a Mozilla Plugin?

[stecoop]

Instead of using Adblock we need Ad-Double-Block. With Ad-Double-Block you wouldn't not only block the image but use spare bandwidth to repeatedly click on add banners behind the scenes. If I understand the article correctly, the software reads your email and sends clicks through to the web sites listed that are in a spam box(?) while the screen saver is on throttling back when the site slows. Of course you should be able to configure the pain threshold for the sites.

Re:Anyone Thinking about a Mozilla Plugin?

[neitzsche]

So if I hire a spamhaus to advertise my competitor's website...

Hmmmmm. Needs a little caution, methinks.

Re:Anyone Thinking about a Mozilla Plugin?

[penguinboy]

For a little while, sure. But once the ad purchasers realize they're not making any sales on those "clicks" they'll start paying far less per ad click.. it'll all even out.

OMG, you're right!

[rackhamh]

What a horrible thing to do to those friendly neighborhood spammers. :(

DDOS? Or manual takedown?

[dtfinch]

How do we know that the spammers didn't just take their servers offline in response to the attack?

Re:DDOS? Or manual takedown?

[colman77]

Does it matter? Mission (screw the spammers) accomplished either way.

I honestly don't care

[nzgeek]

I don't care if the spammers' servers are DDoSed. They can take their fucked-up business model and shove it, as far as I am concerned.

Good on Lycos for finally having the balls to stand up to these guys. The spammers have been stealing bandwidth off all of us for far too long now.

Re:I honestly don't care

[the real darkskye]

Because Lycos Europe claim that they hand check all the websites they select.

Unmoderated system?

[rubberband]

As the admin of my mail system's spam filter, I would like to see nothing more than "drag a spammer in to the street and beat them with a keyboard until they repent day" but I worry about this system.

Who controls the list of "spam sites"? What are the criteria for becomming a victim? I would personally like this process to be transparent before I encourage anyone to participate - I do think they have the best intentions, but the potential for abuse is a bit scary.

That's what sucks about the spam war.. the good guys have to be careful how they deal with the problem to avoid accidentally screwing someone innocent. The bad guys just double their output.

What I think will happen

[xgamer04]

Spammers will hire scumware authors to write apps that packet sites who target spammers, making the circle complete. Then, the masses (tm) will get infected with the scumware. It isn't that hard to figure out.

Worrying

[jmorris42]

Yes, spammers are evil scum who need a standard NATO round square in the forehead. But this sort of rough and ready justice worries me. An attack on the network is an attack on the network, period. If this sort of thing becomes respectable where does it end?

If it is OK to DDoS spamers, who else is it ok to knock off of the net?

Kiddie Porn?

Regular Porn?

Nazi/Skinhead sites?

Anything YOU think is a 'hate site'?

Anything ANYONE things is a 'hate site'?

Anything anyone objects to for any reason?

Business competitors?

Political opponents?

Anyone applauding Lycos for this had better be ready to draw the line somewhere on that list above and defend why their line is the absolute correct one in language all can agree on or that line will creep down at Internet speed.

Re:Worrying

[k98sven]

If it is OK to DDoS spamers, who else is it ok to knock off of the net?

"News for nerds, stuff that matters"?

Re:Worrying

[raehl]

line will creep down at Internet speed.

African internet speed or European internet speed?

Re:Worrying

[ookabooka]

You are absolutely right. Drawing a line will become a problem. I personally hope that Lycos continues this program, and that someone eventually sues. The government needs to step in and solve the spam issue. With lycos going all vigilante, it forces the government to address what it has long ignored. In my opinion, if the government sees a certain site protected under the law such as freedom of speech, then you cannot spam it. If it finds a site's business practices unethical and/or tries to shut it down,

Re:Worrying

[rackhamh]

Poor comparisons. Kiddie porn is illegal, and in many countries so is hate speech. If a user *seeks* those sites, then the user is breaking the law, even if the site itself may not be (depending on where the server is located). But for the most part, those sites don't go out of their way to make unsolicited offers to users.

On the other hand, if a site is targeting users in a region where the content is illegal (as is the case with spam), and no method can be found to enforce the law effectively (as is

Re:Worrying

[hackstraw]

An attack on the network is an attack on the network, period. If this sort of thing becomes respectable where does it end?

It begins and ends when these people contact me without my prior consent or knowledge.

Forgive those that trespass? Fuck that. Put up a warning sign, and shoot all violators. Plain, fair, and simple.

Re:Worrying

[sheetsda]

Kiddie Porn?
You have to look this up, it doesn't come to you.

Regular Porn?
You have to look this up, it doesn't come to you.

Nazi/Skinhead sites?
You have to look this up, it doesn't come to you.

Anything YOU think is a 'hate site'?
You have to look this up, it doesn't come to you.

Anything ANYONE things is a 'hate site'?
You have to look this up, it doesn't come to you.

Anything anyone objects to for any reason?
You have to look this up, it doesn't come to you.

Business competitors?
You have to look them up, they don't come to you.

Political opponents?
You have to look them up, they don't come to you.

I draw the line at: If it's actively pestering you without any sort of provocation and without any way for you to stop it by other means, you have my support to knock it off our internet. This is my intuition on where the line is, please poke holes in it so we can move toward the correct solution. Spam is the only thing that readily comes to mind that falls on the other side of this line.

Spam itself is a form of DDoS attack: when you get enough of them email will become worthless to you, which is exactly how any DDoS attack works at some level.

Not a DDOS

[renehollan]

People voluntarily chose to run this, no? It isn't like there's one person using a bunch of machines (with or without their owner's permission) to launch a coordinated attack.

Rather, it's a bunch of people coordinating their requests for information. At worst, it's civil disobedience (though not directed at government) or an organized, peaceful protest.

I had a similar idea a while back, where people supportive of a cause could voluntarily elect to permit their computers to engage in simultaneous activity coordinated from a single point. It's cool to see this.

Re:Not a DDOS

[Anonymous Coward]

DDoS is not defined by the willingness of the parties involved. DDoS is a distributed denial of service attack. Denial of service means that ones service is being denied by another party. Distributed means it comes from multiple sources... just because people are willing to let it happen has NOTHING to do with it.

If me and 100 people on an IRC channel willingly installed something similar and used it to attack government websites or servers would they call it civil disobedience? I think not.

Get it rig

Quick!

[UberOogie]

Someone get the world's smallest violin immediately!

I love spam

[sparks]

I am always interested in novel commercial propositions. There's nothing I love more than seeing what exciting offers are available in the way of bodily enhancement, alternative medicines, and high-return investment opportunities.

Don't you feel the same? I'm sure you do.

Wouldn't it be great if someone would create a screensaver that would automatically visit the websites of the vendors of these enticing offers and display them on my screen? I'm a fast reader so it would be great if it could show a few each second.

That way, I'd be able to read all about their exciting products without having to do anything at all.

If there was such a screensaver, maybe lots of people would download it. After all, I'm sure we're all interested in the products on offer. And what e-entrepeneur wouldn't want to have thousands of interested potential customers visit his web site every second?

Re:I love spam

[Anonymous Coward]

It's called Spam Vampire, google it.

Who died and made Lycos vigilante of the Net?

[discord5]

Hey, I like the idea of punishing spammers, but Lycos is playing a game that's very dangerous. They're doing DOS-attacks (by proxy) on servers, and where I live that's actually a crime. While sending lots of unwanted e-mail will get you a slap on the wrist, DOS'ing a machine without written consent actually gets you jailtime. Where is the liability here when someone installs this screensaver? Is the end-user responsible for the DOS, or is Lycos responsible?

Another point on this is that this only brings more traffic to the Internet. I know, what's a few measily packets when people are leeching torrents like mad, but still. While this effectively disables spammers for a while, remember that you can't fight fire with fire (or SYN with SYN in this case).

And what about machines that accidentally get on the list of machines to be abused? Hey, I know that in theory only bad guys get on the list, but I've had enough customers actually get on an RBL while they don't spam.

This is dangerous ground we're walking here, and sooner or later someone is going to call their lawyer. The ISP that provides internet access for the spammer perhaps, or perhaps even the spammer who knows that where he lives sending spam is nothing compared to DOS.

Re:Who died and made Lycos vigilante of the Net?

[Yaztromo]

Hey, I like the idea of punishing spammers, but Lycos is playing a game that's very dangerous. They're doing DOS-attacks (by proxy) on servers, and where I live that's actually a crime.

On the original website for this tool, you were asked to select your country from a list in order to download the tool. The list was quite limited -- only some European countries were listed.

I'm guessing this is because Lycos did their research to determine in which countries potential users wouldn't get into trouble if

The people who choose to run it...

[msimm]

Are the ones who decided to do that attacks. Lycos just had an idea, it takes computer users to implement it (or not).

A few bits of info..

[BawbBitchen]

Lycos is not auto-grabing the urls from the spam. It is having someone open the spam, verify it is spam, verify the end link url for the Viagra or such. Only then is the site added to the target list. Lycos has said that they are not trying to take down the site but cost it money. Seems that they did not write their software right to take into account that everyone and their grandmother hates the spammers and would install it. So a few spam sites went down. I am of the opinion that this is a good thing. They should change their software so it does DoS the site. Having been/worked on large networks I can say that a DoS will 99% of the time only affect the hosting company and the people that sell them the pipe and most likely only at that pipes termination. (Also it is not a true DoS in the sense that the software request the page and completes the transaction!) And I say so the fuck what!?! The hosting company should get screwed for hosting the spammer.

It is about time we (the collective geeks) do something real about spam. Sure I have SA and all that installed but it is a pain, cost us money (time and hardware). Spammers should be shot. Spammers website should be hacked and cracked and trashed. The companys that knowingly host them should get the same. Their are no laws or police that can fix this chaos we call the Internet. It is up the the users to handle the shitheads.

It is time to declare ALL OUT WAR SPAMMERS. Let our motto be "Victory or....NO CARRIER!!!"

Re:A few bits of info..

[jmorris42]

> It is about time we (the collective geeks) do something real about spam.

The only people who can 'do' something about spam are the ones who run the backbone. When they decide doing the "wink wink nudge nudge" game of loudly proclaiming their hatred of spam and signing pink contracts with the spammers isn't profitable anymore spam will end. If all of the major providers started enforcing their published AUP/TOS against their downstream customers spam would vanish in short order. Yes a few examples wo

doesn't lycos make spyware?

[geekbruin]

i'm so confused. isn't this the same lycos that has their sidesearch spyware (http://www3.ca.com/securityadvisor/pest/pest.aspx ?id=453078521 [ca.com])? and if so, isn't this a bit disingenuous to be a anti-spam patriot while perpetuating their own brand of spyware? i mean, really, now.

But sir....

[krbvroc1]

Dear Spammer,

I hope you enjoy the packets we are sending you. This is a not SPAM. Previously you opted-in for these packets. If you would like to be removed from our packet list, please turn off your machine. Thank you.

One question

[ScrewMaster]

How does taking down a spammer's Web site stem the flow of spam? The two aren't related, and in fact all that's happening is that a hosting company somewhere is getting blasted (not that that bothers me ... host a spammer's Web site and you can just take your lumps.) However, actual spam is sent using open relays and other bits of misdirection and likely isn't even on the same pipe as the Web site. Sure, this sends the spammers the message that we don't like what they're doing ... but one has to assume that they already know that. I guess I don't see what practical purpose this is serving.

Re:One question

[Fjornir]

Simple. Economics! Spam is an attractive massmarketing tool simply because it it so SO cheap. If it becomes common for sites selling through spamvertising to be protested in these virtual sit-ins then two things happen:

a) Their bandwidth bills go up from all of these bots reloading them, increasing the cost of using spam a LOT.

b) The people who would want to buy their product are discouraged by long pageloads and sporadic outages, decreasing their revenues.

OVERZEALOUS?

[alizard]

WMDs would be overzealous, since most spam hosts are physically surrounded by companies who not only don't do soam, but are spam victims like the rest of us.

If your site shares a network with a spammer, time to complain to your feed site. Anyone who puts their customers at risk by tolerating known spammers on their network deserves to lose business or to get sued by their customers. (something along the lines of tolerating a public nuisance which is interfering with your business, I suppose)

Re:Is It Right?

[networkBoy]

TFA says that the program attacks sited advertised in the spam, thus the source machine of the UCE is not the target.
-nB

Re:Why spam?

[TWX]

*cough*LycosSidesearch*cough*

Re:Why stop with spammers?

[TheAwfulTruth]

As long as they can do it to /. as well.

Why not get every person and every site on the net to DDos the entire farking thing off the planet? Doesn't that sound like fun?

Think about it, there is not one thing on the net that probably isn't an annoyance to at least one person out there.

If DDOSing a site you don't like becomes generally acceptable behavior, the net is in some serious trouble.

It's entire foundation of the internet being based on believing that people will generally "play nice" (as it is) is on the verge of causing it's destruction here.

Lets keep cool heads. Boycott and stop supporting the use of the lycos screen saver and get back to work on a better email protocol!

Re:Why stop with spammers?

[swordgeek]

While I generally agree with you, there are a few counterarguments that need be considered:

"If DDOSing a site you don't like becomes generally acceptable behavior, the net is in some serious trouble."

Keep in mind that this isn't about sites that we don't like, or sites that offend us--it attacks the sites that CRIMINALS use to perpetrate their CRIMES. Theft of service and fraud are pretty obvious, but I can't believe that most spamming isn't tied into organised crime these days.

As for the 'net being fo

Re:Innocent victim?

[IgnoramusMaximus]

Thank god there was actually a concrete example for all the vigilanti monkeys here screaming for blood so much they don't see that innocent people will get whacked by their activities.

Err..no. The "art studio" is a prollific and long time spammer. But they do apply the standard Israeli method of operation: when you get caught red-handed, you shed crocodile tears and make big eyes and whine and whine and whine about how you are a victim and the whole world is unjustly against you etc etc. This act is wearin