Tuesday, December 7, 2004
EUROPE — Lycos Europe has ended its anti-spam operation: "Make Love Not Spam." A company spokesperson said the objective of the time-limited campaign was to raise people's awareness. The reasons why it ended the campaign was variously reported and speculated in media. The operation, while fairly popular, suffered unexpected troubles and drew criticism from security experts and others from the start.
The company started distributing a screensaver on November 29, 2004 on makelovenotspam.com. Once installed, the computer would send HTTP requests to spammers' servers when not in use. The intent was to raise the running costs of those servers. Lycos coordinated these requests by choosing targets from lists generated by organizations such as Spamcop.com. The servers were monitored so as to keep them under heavy load, but alive.
Security experts roundly criticized the program. Steve Linford, director of a non-profit anti-spam organization SpamHaus, and Graham Cluley, a senior technology consultant of Sophos, pointed out that lowering moral standards to fight spammers was not a good idea. The legality of attacking the servers was also debated since it resembles "Distributed Denial of Service" attacks (DDoS), except that Lycos did not completely shut down the target servers.
Other troubles arose. The day after the campaign was launched, there was an alleged takeover of the web site's top page by a cracker. The page was replaced with a warning against the use of the screensaver, according to a screenshot sent via email to the Finnish security firm F-Secure. A Lycos spokesperson said that the screenshot was a hoax: there was no trace of intrusion in the server log and the site was simply unavailable due to a high demand.
Some Internet service providers blocked either the traffic to Lycos-Europe, or the requests generated by the screensaver.
Next, one of the targeted sites redirected all traffic to the Lycos' server, making Lycos itself a target. The company had maintained that its server was immune from the attack. Lycos stopped distributing the program on December 3, 2004 and asked clients to "stay tuned." The company later ended the program.
On December 6, F-Secure reported a virus email disguised as the anti-spam screensaver. When its attachment (a zip file) is opened, it self-extracts and installs a "Trojan horse" --harmful program disguised as legitimate software. The Trojan horse was set up to monitor keystrokes in order to steal passwords, bank account numbers and other important information.
Lycos' software had been downloaded more than 100,000 times by the end of the campaign.
== Related news ==
Earlier coverage at Wikinews
"Lycos launches screensaver to increase spammers' bills" — Wikinews, November 29, 2004
== Sources ==
Craig Morris. "Lycos users are to attack spammers" — Heise Online, November 26, 2004
"Screensaver tackles spam websites" — BBC Online, November 29, 2004
Mikko. "Makelovenotspam.com defaced?" — F-Secure weblog, November 30, 2004
Kevin Newcomb. "Lycos Europe Pushes Limits in Anti-Spam Fight" — ClickZ Network, November 30, 2004
Mikko. "Lycos Europe organizing a DDoS attack against spammers" — F-Secure weblog, November 30, 2004
Antone Gonsalves. "Lycos Europe Confronts Strong Resistance In Spam War" — Information Week, December 2, 2004
Alexey (with an update by Mikko). "Spammers fight back" — F-Secure blog, December 2, 2004 (update on December 4)
Paul Roberts. "Lycos, Spammers Trade Blows" — PC World, December 3, 2004
Claire Woffenden. "Lycos confirms anti-spam tool axe" — Web User, December 6, 2004
Katrin. "Fake Lycos screensaver" — F-Secure weblog, December 6, 2004
"Has Lycos empowered the spammers?" — silicon.com, December 7, 2004
Dan Ilett. "Trojan poses as Lycos Europe screensaver" — CNET News.com, December 7, 2004