[Mimedefang] Lycos Screensaver that attacks Spammers

Ian Mitchell junk at aftermagic.com
Wed Dec 1 12:34:16 EST 2004 

> Date: Wed, 1 Dec 2004 11:46:10 -0500 (EST)
> From: "David F. Skoll" <dfs at roaringpenguin.com>
> Subject: Re: [Mimedefang] Lycos Screensaver that attacks Spammers
>
> This is a very bad idea for a number of reasons:
>
> 1) In a lot of places, people's bandwidth is metered, so this will cost
> them
>    money.  (The people running the screensaver, I mean.)

I dissagree with this entirely. First off, if you are on metered
bandwidth, then don't download the screensaver! For those of us on capped
bandwidth connections like DSL or Cable Modems, this is a great tool to
exact revenge on those who constantly attack to turn our assets into
drones. Not to say revenge is an acceptable alternative to security.

>
> 2) Just on principle, I don't approve of software that causes this kind
>    of network traffic silently and in the background.

I do. With one minor quid pro quo that probably hasn't been thought up
yet. Most spammers get paid based on the traffic (response) they create.
This is kinda the whole concept of online advertisement. So if we increase
the load on the targets webserver, would this not just increase the
paycheck to the spammers? How would this adversely affect the spammers? So
they lose a few clients, that just means we stop receiving ads on home
mortgage rates and start getting them on spam services instead.

> 3) The potential for DoS'ing an innocent third-party is too great.

Not if human intervention and highly intelligent systems are in place to
create a verified list of known targets, which I believe I read somewhere
that Lycos was suplimenting their screensaver with an "Ok to attack?"
check with a central server similar to the SURBL discussed here.

> 4) If spammers can commandeer huge armies of zombies to send spam, it's
>    not a big jump for them to install Web servers on the zombies so they
>    have a distributed network serving up their content that is resilient
>    against the Lycos attack.  (In fact, this is the logical next step to
>    counter SURBL.)

Oh you evil one for suggesting such nastiness ;)

Actually, some of the newest viruses exploiting the Iframe exploit in IE
work that way, they set up a rougue webserver that contains the exploit
and all you receive is an email with a link to that site. Pretty nice
since the "virus" never gets flagged as Spam nor actual virus content. You
don't get exploited until you attempt to open the link in a browser and
that connection is established with the rogue server.

> My anti-spam philosophy has always had as a basic principle: "First,
> do no harm."  I don't think the Lycos screensaver adheres to this
> principle.

Well it would certianly be nice if the Spammers had the same philosphy.

More information about the MIMEDefang mailing list