[Mimedefang] Lycos Screensaver that attacks Spammers
Kevin A. McGrail
kmcgrail at pccc.com
Wed Dec 1 10:29:57 EST 2004
Below is an interesting article from The Washington Post where it details a
new screensaver from Lycos. The screensaver visits websites while your
computer is idle that are referenced in SPAM and make it to a bad spammers
list. This is done in an attempt to limit the website ability to server
traffic efficiently by causing extra traffic.
While I question the 100% legality of such a tactic, it DOES make sense that
we could make a SURBL site-still-online-verification-list that would cause
an LWP request to URLs per incoming email. This could be used to verify that
websites are still online which is valid and is done in response only to
email received at your server.
Perhaps this information wouldn't be used Real-time to prevent mail server
delays but simply collected in the background and reported to a central
service. If it has the added benefit of costing spammers extra money or
slowing down their site, they should throttle their improper email outbound
having a direct 1:1 correlation.
Thoughts?
KAM
http://www.washingtonpost.com/ac2/wp-dyn/A22311-2004Nov30?language=printer
Lycos Offers Program to Attack Spammers
By Daniel Woolls
The Associated Press
Tuesday, November 30, 2004; 9:50 PM
MADRID, Spain -- At the risk of breaching Internet civility, a European Web
portal is offering its visitors a weapon against spam: a screensaver program
that tries to choke spam servers by flooding them with junk traffic.
As of Tuesday, about 65,000 people have signed up for the controversial tool
from the German-based Lycos Europe, whose sites get 20 million users
monthly.
The company insists the technique is legal - it says the culprit servers are
simply choked a bit, not completely asphyxiated - and dismissed concerns
that its "Make Love not Spam" offensive can further clog the world's digital
pipeline.
Still, computer experts are worried.
"You don't stop a bad thing by being bad yourself," said David Farber,
former chief technologist at the U.S. Federal Communications Commission.
"The idea of somebody coming and hitting you and you hitting back, you both
end up very hurt. It just aggrevates an already serious problem."
When a computer with the free Lycos screensaver is idle, the program sends
junk commands to Web sites identified by Lycos as selling products pitched
in spam. When done in masse, this eats up precious bandwidth, causing the
sites to overload and slow down.
The goal, said Lycos Europe spokesman Kay Oberbeck, is to "show the owners
of such spam Web sites that there is massive interest of thousands of users
who are not willing to just give up against more and more spam each day."
The targets generally are not the servers used to do the actual mailings;
these days, those servers are most often legitimate ones co-opted into
spamming by viruses and worms.
Lycos chooses its targets by reviewing lists of suspect sites identified by
independent spam monitors such as SpamCop. The company said it checks each
manually to make sure it genuinely carries products promoted by spam, though
Oberbeck acknowledged the risk of going after a legitimate site that has
been hijacked by a spam-spewing site.
He said Lycos takes care not to crash spam servers altogether, ensuring that
they will never go below 5 percent bandwidth. Thus, he said, the offensive
isn't the same as denial-of-service attacks commonly used by hackers to
incapacitate Web sites.
Cyberspace activism - such as virtual sit-ins in which computer users gang
together and use automated tools to flood a Web site - is not entirely new,
said Dorothy Denning, a professor of defense analysis at the Navy
Postgraduate School in Monterey, Calif.
But in this case a for-profit company is the driving force.
"The interesting question is whether or not that company might be liable
under some law, and would probably be liable, certainly, at least under a
lawsuit by the spammers," she said.
Denning believes any impact on spamming will be minor at best. Though spam
sites have to pay for bandwidth required for the extra traffic, she said,
"the cost off adding extra bandwidth may be worth the reward that comes from
spamming."
© 2004 The Associated Press
More information about the MIMEDefang
mailing list