Screensaver tackles spam websites

Drakar

(not entirely sure if this is the correct board, but I figure it's of interest to security minded people for the ethical issues at least)

Lycos have developed a screensaver (like SETI et al), which goes through a list of recognised spammers and makes webpage requests. Each screensaver user only does around 3mb per spammer, but obviously this adds up. The theory is that this would result in a large increase in the spammer's hosting costs, winning a rare victory for the regular internet user. It's definately an interesting idea, I'm surprised however that Lycos isn't afraid of getting sued for what could end up being regarded as orchastrating a DOS attack if the software became popular enough.
http://news.bbc.co.uk/1/hi/technology/4051553.stm
http://makelovenotspam.com/intl/

Random

Sounds like a sound idea... if I didn't hate screensavers so much I'd signup.. I may make an exception even

vibe666

yeah, I was playing with it yesterday. they have a thing on their site that allows you to manually send requests to spammers sites too. not really practical, but fun none the less.

again though, not sure about the legality of it all, but then would it not be like robbing robbers?

"hello, is that the internet police? I'm a spammer, and I am a major contributor to junk on the net, and I'd like to report lycos for doing to me for free what I make a living out of doing to other people."

click....

"hello?"

Drakar

I think it would more go like:
"Hi, I'm the CEO of a large internet based medical company that helps people enlarge .... things. My business is entirely internet based, and this company l'eyekos or whatever seems to written a system that prevents customers accessing my website. I've lost thousands of <your local currency here>, and the transgressors are refusing to remove my name from their automatic attack lists. I want to see something done about it! Sargent Murphy, this is also delaying your delivery..."

Zonko

I really don't understand how they expect to get away with a publisised (sp?) DDoS though, but I do like the idea.

uberwolf

I'd a thought the idea that it was distributed such as it is would make it very hard to combat...

Drakar

It's definately very hard to combat. That's why nefarious programs that do this kind of thing are so effective. I think it's more interesting from the ethical/legal side of things. Should a company (or anyone) be allowed to promote what is essentially vigilantisism, and in this case for their own publicity(=profit)?

Capt'n Midnight

fragile wrote:

As was pointed out on the Open (webnet.ie) mailing list yesterday:

http://www.boards.ie/vbulletin/newreply.php?do=newreply&p=2134863

It all sounds lovely (in a 2 wrongs DO make a right kinda way) until you look a little further (slashdot) and discover that the makelovenotspam.com domain is registered to Starring Ltd AB (starring.se) - a Swedish Marketing company. Apparently Starring were contacted by Spray (a Lycos company in Sweden) to get more people to start using Spray’s e-mail service.

The makelovenotspam.com domain opens in a new window even in tabbed browsers then loads in a page hidden behind the new window "Our offers" from Lycos. Correct me if I'm wrong but isn't pushing adverts to people without their consent in an underhand fashion like this considered Spam?

dogs

This is a horribly bad idea.

BBC wrote:

Mr Pollmann said there was no intention to stop the spam websites working by subjecting them with too much data to cope with.

He said the screensaver had been carefully written to ensure that the amount of traffic it generated from each user did not overload the web.

...so they just want to run up bandwidth bills, not DDoS websites...

BBC wrote:

Early results show that response times of some sites have deteriorated by up to 85%.

How many other non-spammy sites are hosted on those boxes ?
You could argue, I suppose, that this will discourage hosting companies from taking on companies that sell spam advertised products; but then you have one company (Lycos) censoring others in a forceful way...

I haven't downloaded or run the Lycos software but unleashing something like this would take a lot of special care, I'd conservatively estimate that 50% of all deployed software is never updated, never patched or almost certainly forgotten about.

There's also the chance that users may not own the bandwidth they're using -- running it in work, for example. People have been fired for installing SETI screensavers (admittedly this was on a corporate-wide network of desktops).

Bad idea, two wrongs don't make a right, if you really wanted to put spammers out of business get people to stop buying from them, etc.

tck

Lycos Anti-Spam Site Compromised

doesn't look like they got off to a good start

:rolleyes:

Capt'n Midnight

SANS NewsBites Vol. 6 Num. 48

(Schultz): Nobody likes spam, but the approach Lycos is taking is a
best borderline from an ethical standpoint. Not only is Lycos "striking
back," but in doing so it is generating a substantial increase in
network traffic, the consequences of which will affect many others
besides the spammers. Furthermore, malicious users can now readily slow
down non-spam-related web sites by simply sending email messages that
contain URLs for these sites. Lycos has in effect opened Pandora's Box.]

Drakar

tck wrote:

Lycos Anti-Spam Site Compromised

It appears that this "comprimising" was a hoax.

dogs

This will end well...

The Register wrote:

Virus writers have begun distributing their wares in emails that pose as Lycos's abandoned "Make love not spam" screensaver.

The fake screensaver emails contain an attachment with a RAR SFX archive that has embedded key logger Trojan inside...

Full story here.