dslreports logo
 story category
Make Love Not Spam
Screensaver targets spam servers
Lycos Europe has started distributing a screensaver designed specifically to help target verified spam servers. The program which is titled "Make Love Not Spam" sends a request to view a spam source site, when a large number of screensavers send their requests at the same time the spam web page becomes overloaded and slow. They claim that this is different than a distributed denial of service (DDoS) attack as they conduct tests to make sure that no server actually stops working. Lycos believes the increased bandwidth usage caused by the program will eventually hurt spammers through higher bills.
view:
topics flat nest 
page: 1 · 2 · 3 · next

Googled
Yay, I have FIOS
join:2001-08-13
Orchard Park, NY

1 edit

1 recommendation

Googled

Member

It's still DDOS

Just because they don't completely overwhelm the server doesn't mean it's not a distributed attack.

I think Lycos is going to make quite a few enemies that have quite a bit of money to invest in blackhat counterattacks.

Edit: Don't get me wrong I don't like spammers, but this is most likely doomed to backfire.
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: It's still DDOS

said by Googled:

Just because they don't completely overwhelm the server doesn't mean it's not a distributed attack.
Actually, for it to be a DDoS, there has to be some level of denial of service...

From what I've read, there is no attempt to deny service access to anyone and in another posting I saw elsewhere, they attempt to minimize how much they slow a site down...

It seems that all they are really trying to do is increase the bandwidth costs for these spammers...

Trakker8
Danger
Premium Member
join:2003-01-12
ß

Trakker8

Premium Member

Re: It's still DDOS

Ummm what planet do you live on?

DDOS doesn't actually have to work to be considered a DDOS.
As well the words WIRE TAMPER come to mind.
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: It's still DDOS

said by Trakker8:

Ummm what planet do you live on?
Th planet called earth where people who actually know what they are talking about have facts to hack it up... Apparently not the same planet you are on.
DDOS doesn't actually have to work to be considered a DDOS. As well the words WIRE TAMPER come to mind.
Let's see... If you actually read their site and some of the documentation, the system is designed not to create a DDoS condition.

As for wire tampering... You really need to look up the definition of what wire tampering actually is before you start tossing terms out.

Googled
Yay, I have FIOS
join:2001-08-13
Orchard Park, NY

Googled to bmn

Member

to bmn
Click for full size
Effects of the campaign
said by bmn:

From what I've read, there is no attempt to deny service access to anyone and in another posting I saw elsewhere, they attempt to minimize how much they slow a site down...
You might want to try reading their website. Lycos is measuring their success based on how much website response time is increased, they also are reporting traffic generated.
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: It's still DDOS

said by Googled:

You might want to try reading their website. Lycos is measuring their success based on how much website response time is increased, they also are reporting traffic generated.
Actually I did, several weeks ago...

AT that time they were only talking about bandwidth being used, thereby increasing the costs to spammers. At that time, there was no mention of them attempting to slow the sites down.

Either way, so long at as the site is still accessible, there really is no problem.
Pony99CA
join:2004-09-05
Hollister, CA

Pony99CA

Member

Re: It's still DDOS

said by bmn:

AT that time they were only talking about bandwidth being used, thereby increasing the costs to spammers. At that time, there was no mention of them attempting to slow the sites down.

Either way, so long at as the site is still accessible, there really is no problem.
Really? So if one company decides to slow down a competitor's site, hoping people will get sick of waiting for a response and go to their site, that's cool with you, eh?

Even if you say this only applies to spammer sites, it's a DDOS regardless of your protestations. Even sites undergoing a DDOS can be accessible to some users, so where do you draw the line between a DDOS and simply slowing a site down?

I don't personally have a problem with this program, as spammers deserve any pain they get, but don't kid yourself that this isn't a DDOS.
bmn
? ? ?

join:2001-03-15
hiatus

1 edit

bmn

Re: It's still DDOS

said by Pony99CA:

So if one company decides to slow down a competitor's site, hoping people will get sick of waiting for a response and go to their site, that's cool with you, eh?
Nope its not cool isn't since its not even remotely really the same thing... In the case you are talking about using a technique to block a legitimate business who is acting within the law.

This case is about dealing with people who break laws and regulations and employ tactics that are at best, questionable in their legal status, to make money. This is a same group of people who have launched REAL DDoS attacks on RBLs and anti-spam sites, causing them to drop off the internet. This is a group of people who actually put a majority of the cost on people who are fighting and receiving spam by causing us to expend time and energy blocking their spew or deleting it from our inboxes...
Even if you say this only applies to spammer sites, it's a DDOS regardless of your protestations. Even sites undergoing a DDOS can be accessible to some users, so where do you draw the line between a DDOS and simply slowing a site down?
Unfortunately there is no hard and fast number to determine the point at which a DDoS is a DDoS, but as long as no one is being prevented from accessing the site (denied service), its technically not a DDoS.

»searchsecurity.techtarge ··· ,00.html

"The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users."

dalesplace
join:2000-09-14
Cleveland, OH

1 edit

dalesplace

Member

Re: It's still DDOS

Hmmm ... sounds like you would also have to support RIAA and their goofy pet senator's bid to do the same to P2P users. After all, the P2P user D/L'ing a copyrighted work is breaking the law. Therefore, slowing down/blocking their computer is a substitution instance of your argument.

As much as I like the idea of making the spammer's like miserable, I think this method is inappropriate. Personally, I think ANY time someone intentionally take's another's resources (computer time, disk or bandwidth) against the owner wishes they've stepped over the line.
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: It's still DDOS

said by dalesplace:

Hmmm ... sounds like you would also have to support RIAA and their goofy pet senator's bid to do the same to P2P users. After all, the P2P user D/L'ing a copyrighted work is breaking the law. Therefore, slowing down/blocking their computer is a substitution instance of your argument.
The problem here is that the RIAA is not law enforcement... They have no authority, legally, to act as enforcers of copyright law. That right is specifically allocated to the government...

As well, the problem is that the RIAA does not differentiate between pirates and future customers... I can understand if they took out people who specifically pirate, but they problem is that they also want to eliminate users who download and then buy if the music is good (like myself).
As much as I like the idea of making the spammer's like miserable, I think this method is inappropriate. Personally, I think ANY time someone intentionally take's another's resources (computer time, disk or bandwidth) against the owner wishes they've stepped over the line.
You do, of course, recognize the parallel between this and what spammers are doing every time they send out SPAM, right ? As a server administrator and as a person who does IT work, the truth is that WE foot the bill for them because they send out mail we don't want, but are forced to deal with. And spam filters do cost money and time to setup and maintain.

ShadowGeek
@bellsouth.net

ShadowGeek to dalesplace

Anon

to dalesplace
>Personally, I think ANY time someone intentionally take's another's resources (computer time, disk or bandwidth) against the owner wishes they've stepped over the line.

You've just scored a point against your own argument - this is EXACTLY what spam does to my computer.

EoverMC2
@insightBB.com

EoverMC2

Anon

Cudows SHADOW GEEK

Good POINT BVD

sobriquetnet
@tpgi.com.au

sobriquetnet

Anon

Re: Cudows SHADOW GEEK

>>Personally, I think ANY time someone intentionally take's
>>another's resources (computer time, disk or bandwidth)
>>against the owner wishes they've stepped over the line.

>You've just scored a point against your own argument - this
>is EXACTLY what spam does to my computer.

You're missing the point......... "ANY time" someone takes another's resources. It doesn't matter if they did it to you first.... it's still going too far.

If someone murdered your sister/brother/partner/dog, would it then be ok for you to murder theirs?

Talon88
The One
join:2003-08-13
Toronto

2 edits

Talon88

Member

Re: Cudows SHADOW GEEK

:::

Ths answer is yes if the law cannot kick the
person to the jail. He can do it & I can do
it as well....!

:::
said by sobriquetnet:

>>
If someone murdered your sister/brother/partner/dog, would it then be ok for you to murder theirs?

BoredofSpam
@209.161.x.x

BoredofSpam to sobriquetnet

Anon

to sobriquetnet
We're not talking about murder here. We're talking about Internet abuse. Is it ok for you to have to waste time in a huge company to find our which email is good and which are useless?

Don't mix apples and carrots...
th34
join:2004-12-02
Houston, TX

th34 to sobriquetnet

Member

to sobriquetnet
Except that in this instance, your not going after their brother or sister, but the culprit, or culprits. And yeah, you damn well better believe it, if the authorities could not or would not bring them to justice, then going after them by ANY means necessary is fine by me.

RuhigMan
@comerica.com

RuhigMan to sobriquetnet

Anon

to sobriquetnet
If the law offers no prohibition toward an attack on me, it can not offer a prohibition on me defending myself.

Habatus
@dial.inet.fi

Habatus to bmn

Anon

to bmn
I like the idea that you can make spammers life a bit more difficult, but there should be a considerable amount of research before a site is added as a target site.. For example my operator has been on a blacklist 2 times this year because of some technical whatnot. They have added spamfilters and done preventive measures, which they should.. But if this happens again and this operator is targeted by this screensaver the results would be quite bad since it will result in even bigger problems for this operator.. And think about if this screensaver could be reset by some nasty piece of code to do this same thing on "microsoft.xxx" or some other site. And maybe even do it with 10x normal traffic..
th34
join:2004-12-02
Houston, TX

th34

Member

Re: It's still DDOS

The screensavers dbase is manually checked-by people who go the the sites advertized in the spam-so unless your advertizing with spam, i wouldn't worry.

moejama
@162.33.x.x

moejama to bmn

Anon

to bmn
The real issue is who cares if it's DDOS. You all are hyprocrits to complain about this being an illegal DDOS attack when at the same time most of your are probanly downloading or uploading copyrighted material as we speak.

Obviously it is a denial of service attack no matter how you attempt to skew the definition of denial. In some form network resources are being taken away and therefore denied from the spam servers normal use.

I think it will have no major effect on slowing spam but rather just annoy the server admins who keep these spam machines up. People all want revenge against the spammers for the last decade of junk email and the overall slowing of the internet which may result from the billions of spam emails sent out ever day or ever hour for that matter.

How are you gonna launch a DDOS attack against P2P networks that are spread out into millions of clients and most of them on dynamic IPs. You're not. Ones with central servers are weakest anyhow and for p2p to keep up the way it is they all have to more to completely decentralized service.

I don't see the big deal. If i want to donate some of my bandwidth to hurting the performance of spam servers then I should be able to do that.. provided that they are spam servers and sending spam is illegal in my country at least. I wouldn't care if this was a complete DDOS attack in fact I would like it better if it were. How about a app that does the same but allows the user to opt to do full DDOS attack.
This why its not Lycos's fault its the users. Just like the p2p arguement.

As long as spam is illegal and most everyone hates it I think DDOS them is fair. Justice and legality are two entirely different things. I might be on the wrong side of legality but it's perfectly just to get these guys back. Laws are meant to be dynamically changed not to dictate our morals or thoughts on subjects.

You can bet if the Bush Administration put a DOS program together for hitting terrorst sites wrapped in USA flag colors and told you to run it to save your country for terrorists.. people would do it and not question a thing. In the big picture of right and wrong this issue is completely insignificant.

jayinric
@kaplan.com

jayinric

Anon

Re: It's still DDOS

moejama said "You can bet if the Bush Administration put a DOS program together for hitting terrorst sites wrapped in USA flag colors and told you to run it to save your country for terrorists.. people would do it and not question a thing. In the big picture of right and wrong this issue is completely insignificant."



If we could find the servers that the terrorist were using, I'd rather just drop and EMP in the area.

Dave P
@212.250.x.x

Dave P to moejama

Anon

to moejama
"As long as spam is illegal and most everyone hates it"

Unfortunately, if everybody hated spam, nobody would ever respond to it, and there would be no point in sending it, but clearly, legions of idiots click the links and buy things and make it all worth while for the spammers.

If everybody just ignored it, it would go away!

digits
@telia.com

digits to Googled

Anon

to Googled
For all you "It's still DDoS" posters...

First, DDoS stands for Distributed Denial of Service.
It's a way to attack a server (and "hopefully" take it down) by for instance sending billions of malformed packets (Buffer Overflow).

Note the imperative word above, Denial, and since this service doesn't Deny (take their servers down) this can't be a DDoS attack - even though the ethics about this can be questioned, you still don't Deny any of their services.
Perhaps a DHoS would be a better acronym to use, Distributed Hampering of Service...

And most of you posts should do your homework, both you pro and con types...

»staff.washington.edu/dit ··· sc/ddos/

Oh, and if you still are reading, DDoS isn't really a name for a specific attack, it's a type of attack.
You have Buffer Overflow, SYN, Smurf, TeadDrop, Viruses and even snipping off an ISP's opto cable is considered DoS.

FightBack
@adelphia.net

FightBack to Googled

Anon

to Googled
That's the idea -- but technically it's NOT DDOS.
It is not prosecutable.

Consult your Internet savvy attorney like we did and you'll see. It cannot be legally prosecuted as a DDOS because the user's computer cannot possibly produce sufficient requests to "deny service". Only thousands of computers can do that. Besides, the innocent computers are simply replying to the request in the SPAM.

Point #2: the prosecution would have to identify the perpetrator. Since no single perp can effect the DDOS, they would need to subpena all of the IPs and their owners responsible for the DOS -- in such case no attorney in his right mind would EVER take such a case to court.
You lose. Done deal. End of story.

Let's hope it catches on.
However this morning the site seems to be down.
So it must have ruffled someone's feathers! NOW who's the criminal?

See:
"Filters that Fight Back"
»www.60-Seconds.com/artic ··· 163.html

GTaylor95
Premium Member
join:2002-12-14
Frisco, TX

GTaylor95

Premium Member

Hmmm, this sounds familiar

Spamvampire anyone? Only just like with spamvampire a spammer can just as easily point the DNS elsewhere, say...FBI.com?

Good thought, but bad idea...
tdkyo
join:2002-12-07
Rochester, NY

tdkyo

Member

Hmmm bandwidth?

So we are helping to slow down the spam servers with our bandwidth? I don't trust Lycos to decide what is spam "server" and what is not. They might hurt innocent servers that might look spam servers. Dunno on this topic.

Googled
Yay, I have FIOS
join:2001-08-13
Orchard Park, NY

Googled

Member

Re: Hmmm bandwidth?

You can report a spam url via their website and they will start a DDOS on it (hopefully after some sort of investigation.)
bmn
? ? ?

join:2001-03-15
hiatus

bmn

Re: Hmmm bandwidth?

The verify the offending server by checking RBLs and spam messages that are submitted to people who combat spam.
tdkyo
join:2002-12-07
Rochester, NY

tdkyo

Member

Re: Hmmm bandwidth?

Well, I hope most people who submit these spam websites know what they are doing. If they submit the web address from E-mail address, then we might be seeing submitions from "Google" to "Microsoft" to other famous websites.
I want this plan to be optimistic, hope they do a good job.:)

Optimized
MVM,
join:2001-05-03
Ringwood, NJ

1 edit

Optimized to tdkyo

MVM,

to tdkyo
said by tdkyo:

So we are helping to slow down the spam servers with our bandwidth? I don't trust Lycos to decide what is spam "server" and what is not. They might hurt innocent servers that might look spam servers. Dunno on this topic.
Good point ... here is another

From The Register article

"A spokesman for Lycos in Germany told The Register he believed that the tool could generate 3.4MB in traffic on a daily basis. When 10m screensavers are downloaded and used, the numbers quickly add up, to 33TB of 'useless' IP traffic. Seems Lycos may hurt not just spammers."

newview
Ex .. Ex .. Exactly
Premium Member
join:2001-10-01
Parsonsburg, MD

1 recommendation

newview

Premium Member

You don't fight abuse WITH abuse

Spammers are criminal scumbags, and it's tempting to take revenge on them by using an application such as this, but when you do . . . the only thing you've accomplished is to lower yourself to their level.

••••••••
CyberSchnook6
Upon Reflection, I Do Not Wish To Post.
Premium Member
join:2004-11-21

CyberSchnook6

Premium Member

Lycos?

Didn't they go down the toilet (quality-wise, anyway) about a million years ago?

Apparently, the toilet's backed-up again.

TonyLooch
Premium Member
join:2002-01-12
Pittsburgh, PA

TonyLooch

Premium Member

Re: Lycos?

said by CyberSchnook6:

Didn't they go down the toilet (quality-wise, anyway) about a million years ago?

Apparently, the toilet's backed-up again.
CMU should stick to building robots.
vic102482
Premium Member
join:2002-04-30
Upper Marlboro, MD

vic102482

Premium Member

Lycos the same lycose

That puts all that spyware garbage on your PC like Lycos search!! I hate them!!

BonezX
Basement Dweller
Premium Member
join:2004-04-13
Canada

BonezX

Premium Member

Re: Lycos the same lycose

goodbye spam, hello spy
NelsonUSAF
join:2002-01-24
Oklahoma City, OK

NelsonUSAF

Member

Make Love Not Spam

It seems fair to me. They have caused me to abandon several e-mail accounts over the years, because they clog my inbox with junk e-mails (many from sites I would never dream of visiting).

They also send this junk to e-mail addresses of children. I say anything that puts these scum out of business is acceptable.

nerdling301
join:2004-01-12
Brookline, MA

nerdling301

Member

legality?

is this legal? this is basically an attack on their website, even if it is a spam site.
Samwoo
join:2002-02-15
Rancho Palos Verdes, CA

Samwoo

Member

Re: legality?

Spam sites love spewing out data all over the internet...
Why not help them do that, i mean they must love getting soo many connections so that their spam can get sent out all over the place, and then into the trashcan with this software.
ced06
join:2004-03-12
Towanda, PA

ced06

Member

Zombies...

Why not rent a few thousand "dedicated" zombies and DDOS the hell out of them...
LooseCannon8
join:2001-05-14
San Luis Obispo, CA

LooseCannon8

Member

Re: Zombies...

This makes sense. Reminds me of a line in Training Day, "To protect the sheep, you have to catch the wolf, and it takes a wolf to catch a wolf." But it seems that this didnt turn out to be the best idea in the end...

KillEmALLRightNow
@taylor01.mi.comcast.

KillEmALLRightNow

Anon

DEATH to all SPAMMERS !

A PAINFUL SLOW DEATH to ALL SPAMMERS is the solution !

pcscdma
hi
Premium Member
join:2004-01-14
Winterset, IA

pcscdma

Premium Member

Re: DEATH to all SPAMMERS !

said by KillEmALLRightNow:

A PAINFUL SLOW DEATH to ALL SPAMMERS is the solution !
I actually agree to a post by taylor01.mi.comcast. ! OMG!!1one!exclamationpoint
JPCass
join:2001-01-23
Denver, CO

JPCass

Member

On the right track

I've hoped for a long time that someone would come up with a tool that could be widely spread to consumers - the end recipients of the vast majority of spam - that would generate an anonymized "visit" to the website listed in spam. I like Lycos' approach and they have the right profile with consumers to promote and spread their idea, but I'd like to see it get its URLs from the individual users' e-mail identified as spam and be set (at least by default) to generate only a single hit.

If each spam e-mail sent generated one hit on the website being promoted - rather than the 1 in 1,000 or less response that they expect - then those using spam as advertising would bear a lot more of the burden of the traffic they generate. And if it was just a single hit from a single source that they had actually sent e-mail to, I don't think it would exactly be a DDOS attack.

DaDogs
Semper Vigilantis
Premium Member
join:2004-02-28
Deltaville, VA

DaDogs

Premium Member

Bad Idea...

This is a bad idea. One might call it vigilantism.

When one chooses to become the "self proclaimed protector of a society" one is assuming a huge responsibility. That kind of responsibility should never be assumed, it should be elected.

One might make reasonable parallels with regards to on-line communities, if that were allowed in these forums. Alas, it is not allowed in these forums.

Bad idea.

In Agreement
@ntl.com

In Agreement

Anon

Re: Bad Idea...

"This is a bad idea. One might call it vigilantism."

And that's bad?

As with 'normal' crime, if the law won't protect people, then the people should protect themselves. You gonna be "politically correct" and ask your knife-wielding burglar to wait patiently while you call the police, or are you gonna stick him with the biggest kitchen knife you can find?

Fight fire with fire, I say. If they want to flood my inbox with their crap, I have no problem flooding their servers.

The law is dragging its heels on this matter, like it does with most areas of the internet and with technology in general (i.e. illegal downloads). Until government regulation stops them - or until any of you bright sparks here can come up with a better idea - then this will do for me!
53059959 (banned)
Temp banned from BBR more then anyone
join:2002-10-02
PwnZone

53059959 (banned)

Member

and the verdict is:

DENIED
besides, I like my dual-monitor screensaver better

Ivybridge_I7
Cyber-Crime Researcher OpSec
Premium Member
join:2004-06-09
Daytona Beach, FL

Ivybridge_I7

Premium Member

Make Love ,Destroy Spammers

I don't agree with doing DoS attacks against any websites even if they are run by spammers.


»www.antihotmail.com
Dslreports.com Profile: »profile.antihotmail.com
spammers_are_scumbags@antihotmail.com

Safemaster
Premium Member
join:2004-01-18
Loxahatchee, FL

Safemaster

Premium Member

Lycos and spammers

I agree to use any method to hurt spammers in the pocket, whether is a DDoS attack or any other way. I will even contribute my computer to hurt spammers.

I guess I didn't hold back my feelings ah.

CyberTrip
@lax1-4-11-210-025.ds

CyberTrip

Anon

Lycos

The problem with doing this is that alot of spammers use insecure smtp servers which are actually used by innocent users. Flooding these servers can cause down time and even a financial loss. Lycos better be aware of who they are targeting.
JPCass
join:2001-01-23
Denver, CO

JPCass

Member

Re: Lycos

said by CyberTrip:

The problem with doing this is that alot of spammers use insecure smtp servers which are actually used by innocent users. Flooding these servers can cause down time and even a financial loss. Lycos better be aware of who they are targeting.
Is that really such a bad way to provide a sort of feedback to the system? Either the spammers will get kicked off those servers, or they will realize those type of servers aren't usable anymore and will stop trying. Either way, after a brief shakeout period, it should cease to be a problem.

And as it is, spammers are already flooding various points in the system, and causing all kinds of headaches to both "innocent users" and corporations with their traffic and hijacked boxes. A cure might not be worse than the disease.
claudeo
join:2000-02-23
Redmond, WA

claudeo to CyberTrip

Member

to CyberTrip
said by CyberTrip:

The problem with doing this is that alot of spammers use insecure smtp servers which are actually used by innocent users. Flooding these servers can cause down time and even a financial loss. Lycos better be aware of who they are targeting.
I understand the idea is to flood the web site used by the spammer, not the haples server that was hijacked to send the spam. Most spam directs you to a web site; that's how they collect money; that's where you can hurt them.
This being said, one side of me says "that's not hurting enough for those scumbags", but the rational side says "bad idea", for many reasons, many of which have already been posted here.

z28kindaguy
Premium Member
join:2002-02-18
Brooklyn, MD

z28kindaguy

Premium Member

Anybody sign up?

Is anybody doing here doing it?

•••
grnch
join:2004-01-28

grnch

Member

Screensaver?

Call me old fashioned, but isn't a screensaver supposed to (gasp!) save the screen???

This Lycos "screensaver" will burn a hole in the middle of your monitor if you leave it on long enough. Instead of varying the picture constantly to prevent image "burn-in" on your monitor, as any screensaver is supposed to do, this thing displays a big bright static image in the middle, which will eventually cause that area to be brighter than the rest, lose contrast etc.

Thanks, but no thanks... I hate spam with a passion and I would have left this thing on 24h a day on all my machines, but I'm not gonna ruin my monitors to do it... deleted it from my computer after 5 minutes.

Incredible how even a semblance of a good idea turns to utter crap at the hands of incompetent bufoons.

P.S. If you want to remove this crap from your computer, just remove the 4 files in your C:\WINDOWS directory with name "Lycos - make LOVE not SPAM" and various extensions.

••••••

no one
@wasd.org

no one

Anon

Someone took down the homepage!!

I just checked from my school computer and I got this message.

»makelovenotspam.com/intl/

Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.

Nah, I don't think they got in trouble, just some spammer had enough and decided the site was too much of a threat. Any details about this anyone?

••••

digits
@telia.com

digits

Anon

Free IP giveaway...

everytime that screensaver requests to view one of those spam-sites, it gives your IP up.. Not really something I wish the spammers to have...

•••••••••••••
page: 1 · 2 · 3 · next