Lycos Offers Spam-Server Attack Program
I ran across this and while it looks like a great idea for a moment, it dawned on me that not all sites listed by spamcop are real spammers. All it would take to get attacked by this company is for a legit company to have an overzealous affiliate that was suckered into a "E-mail 100 million opt in e-mail addresses" spam message.
So ask yourself if attacking a few real decent companies is worth attacking some spam sites before you download this screen saver.
Namaste,
Brian
iWon News
Lycos Offers Spam-Server Attack Program
Nov 30, 9:50 PM (ET)
By DANIEL WOOLLS
MADRID, Spain (AP) - At the risk of breaching Internet civility, a European Web portal is offering its visitors a weapon against spam: a screensaver program that tries to choke spam servers by flooding them with junk traffic.
As of Tuesday, about 65,000 people have signed up for the controversial tool from the German-based Lycos Europe, whose sites get 20 million users monthly.
The company insists the technique is legal - it says the culprit servers are simply choked a bit, not completely asphyxiated - and dismissed concerns that its "Make Love not Spam" offensive can further clog the world's digital pipeline.
Still, computer experts are worried.
"You don't stop a bad thing by being bad yourself," said David Farber, former chief technologist at the U.S. Federal Communications Commission. "The idea of somebody coming and hitting you and you hitting back, you both end up very hurt. It just aggrevates an already serious problem."
When a computer with the free Lycos screensaver is idle, the program sends junk commands to Web sites identified by Lycos as selling products pitched in spam. When done in masse, this eats up precious bandwidth, causing the sites to overload and slow down.
The goal, said Lycos Europe spokesman Kay Oberbeck, is to "show the owners of such spam Web sites that there is massive interest of thousands of users who are not willing to just give up against more and more spam each day."
The targets generally are not the servers used to do the actual mailings; these days, those servers are most often legitimate ones co-opted into spamming by viruses and worms.
Lycos chooses its targets by reviewing lists of suspect sites identified by independent spam monitors such as SpamCop. The company said it checks each manually to make sure it genuinely carries products promoted by spam, though Oberbeck acknowledged the risk of going after a legitimate site that has been hijacked by a spam-spewing site.
He said Lycos takes care not to crash spam servers altogether, ensuring that they will never go below 5 percent bandwidth. Thus, he said, the offensive isn't the same as denial-of-service attacks commonly used by hackers to incapacitate Web sites.
Cyberspace activism - such as virtual sit-ins in which computer users gang together and use automated tools to flood a Web site - is not entirely new, said Dorothy Denning, a professor of defense analysis at the Navy Postgraduate School in Monterey, Calif.
But in this case a for-profit company is the driving force.
"The interesting question is whether or not that company might be liable under some law, and would probably be liable, certainly, at least under a lawsuit by the spammers," she said.
Denning believes any impact on spamming will be minor at best. Though spam sites have to pay for bandwidth required for the extra traffic, she said, "the cost off adding extra bandwidth may be worth the reward that comes from spamming."
So ask yourself if attacking a few real decent companies is worth attacking some spam sites before you download this screen saver.
Namaste,
Brian
iWon News
Lycos Offers Spam-Server Attack Program
Nov 30, 9:50 PM (ET)
By DANIEL WOOLLS
MADRID, Spain (AP) - At the risk of breaching Internet civility, a European Web portal is offering its visitors a weapon against spam: a screensaver program that tries to choke spam servers by flooding them with junk traffic.
As of Tuesday, about 65,000 people have signed up for the controversial tool from the German-based Lycos Europe, whose sites get 20 million users monthly.
The company insists the technique is legal - it says the culprit servers are simply choked a bit, not completely asphyxiated - and dismissed concerns that its "Make Love not Spam" offensive can further clog the world's digital pipeline.
Still, computer experts are worried.
"You don't stop a bad thing by being bad yourself," said David Farber, former chief technologist at the U.S. Federal Communications Commission. "The idea of somebody coming and hitting you and you hitting back, you both end up very hurt. It just aggrevates an already serious problem."
When a computer with the free Lycos screensaver is idle, the program sends junk commands to Web sites identified by Lycos as selling products pitched in spam. When done in masse, this eats up precious bandwidth, causing the sites to overload and slow down.
The goal, said Lycos Europe spokesman Kay Oberbeck, is to "show the owners of such spam Web sites that there is massive interest of thousands of users who are not willing to just give up against more and more spam each day."
The targets generally are not the servers used to do the actual mailings; these days, those servers are most often legitimate ones co-opted into spamming by viruses and worms.
Lycos chooses its targets by reviewing lists of suspect sites identified by independent spam monitors such as SpamCop. The company said it checks each manually to make sure it genuinely carries products promoted by spam, though Oberbeck acknowledged the risk of going after a legitimate site that has been hijacked by a spam-spewing site.
He said Lycos takes care not to crash spam servers altogether, ensuring that they will never go below 5 percent bandwidth. Thus, he said, the offensive isn't the same as denial-of-service attacks commonly used by hackers to incapacitate Web sites.
Cyberspace activism - such as virtual sit-ins in which computer users gang together and use automated tools to flood a Web site - is not entirely new, said Dorothy Denning, a professor of defense analysis at the Navy Postgraduate School in Monterey, Calif.
But in this case a for-profit company is the driving force.
"The interesting question is whether or not that company might be liable under some law, and would probably be liable, certainly, at least under a lawsuit by the spammers," she said.
Denning believes any impact on spamming will be minor at best. Though spam sites have to pay for bandwidth required for the extra traffic, she said, "the cost off adding extra bandwidth may be worth the reward that comes from spamming."
1 Comments:
Hi Brian,
That's an interesting article, but I believe it is a very bad idea.
Not only are all sites listed by SpamCop not proven to be real spammers, but there is no protocol for getting removed from their listing if you are falsely reported, if my memory serves.
I once had a site on a server that shared an IP address with someone who was listed as a spammer -- although it was never proven -- and I went through several weeks dealing with an issue that never should have involved me in the first place.
As annoying as spam is, this proposed solution is just as annoying.
Last summer, my patience finally came to an end when I spent 18 hours downloading spam one day. 18 hours! Yes, I'm on a slow dial-up access, but I remember when downloading my email took a couple of minutes. So, I enabled SpamAssassin on all my domains and sent all email that was addressed to a non-existent address on my domain to the electronic blackhole. Poof! Gone.
Bouncing it back to the sender wasn't serving any purpose, because most of the headers were forged. That just annoyed people who had nothing to do with it in the first place. I get lots of email bounced to me that I never sent in the first place because the various virii and worms forge my address -- which has been listed on many websites for several years. Obvious spam should just be blackholed and forgotten.
If someone is playing music too loud late at night, does it make it any better if we start playing our music too loud? It just makes a bad situation worse.
Bad manners are not excused by being a response to others' supposed lack of manners.
I hope this spam-server attack program is a flash-in-the-pan that disappears very quickly.
Yes, spam needs to be dealt with, but this, in my opinion, is not the way to do it.
Thanks for posting this.
All the best,
JD
Post a Comment
<< Home