Lycos, spammers trade blows over screen saver

The screen saver uses computer downtime to swamp sites associated with spam

Lycos Europe NV is caught in a tit-for-tat struggle with spammers just days after releasing a free screen saver program that uses computer downtime to swamp Web sites associated with spam campaigns.

At least one Web site targeted by Lycos' "Make Love, Not Spam" program,, has changed its Web page, forwarding requests it receives to, a Web domain that distributes the software, according to Helsinki-based F-Secure Corp. The escalating war with spammers comes amid mounting criticism of the screen saver from antispam experts and a crackdown by Internet service providers on the program.

Lycos launched the "Make Love, Not Spam" screen saver yesterday, but it was circulating a beta version of the software before that. The screen saver promises to "spam the spammer" by sending a steady stream of requests to a list of Web sites that have been used in spam campaigns, slowing those sites. The list of sites to attack is downloaded by the screen saver from a control server operated by Lycos.

Charges quickly surfaced that Lycos was crossing the line by launching a distributed denial-of-service (DDOS) attack, which is illegal in the U.S. and most European countries. The antispam campaign also prompted quick retaliation from unknown parties, including a reported hack of the Web site.

Lycos denied that its Web site was hacked and stated that the program doesn't launch DDOS attacks, because the company is careful to avoid completely shutting down the sites it targets. Lycos didn't respond to requests for comment for this story.

The Web page was changed to contain an HTML Meta Refresh tag that forwards all requests to view the page to, effectively using the screen saver to launch attacks on Lycos' Web site, F-Secure said. Requests for were still being forwarded to this morning.

More troubling for Lycos, some service providers are blocking traffic to the server that controls the screen saver, according to Johannes Ullrich, chief technology officer at the SANS Institute's Internet Storm Center.

Internet service providers are treating Lycos' network of machines running the "Make Love, Not Spam" screen saver in the same way they treat "botnets" of compromised systems that are controlled by malicious hackers or online criminal organizations and that are often used to distribute spam or launch DDOS attacks, he said.

"The [Make Love, Not Spam] application isn't really all that well thought out. In a way, it's doing a DDOS attack, and DDOS attacks are always a bad thing, because there are always innocent bystanders who get hit as well," he said.

"I would have to characterize it as an astonishingly stupid idea," said John Levine, co-chair of the Internet Research Task Force's Antispam Research Group.

Legal questions aside, the "spam the spammers" approach won't work, because those behind unsolicited commercial e-mail campaigns can quickly take down and move Web sites referred to in spam. The "Make Love, Not Spam" program also consumes bandwidth and resources from the networks and service providers that serve machines running the software, not just from spammer networks, Levine said.

"This program steals bandwidth from a lot of people who had no intention of playing junior DDOS cop," he said.

Ullrich and others said they consider the "Make Love, Not Spam" program a publicity stunt more than a well-planned antispam campaign. "This is like a lame idea that a college kid would think of, not something a serious company would do," Levine said.

Resistance from Internet service providers may bring a quick end to the "Make Love, Not Spam" campaign. "My guess is that they won't be able to sustain this very long, once legitimate networks have figured out who is controlling [the machines running the screen saver] and start blocking access to that host," Levine said.


Copyright © 2004 IDG Communications, Inc.
