Lycos Europe waged war against spammers earlier this week but the ensuing battles have now resulted in it withdrawing its controversial Web site that offered an anti-spam screensaver, replacing it with a graphic that urges visitors to “stay tuned!”
Lycos Europe announced on Monday it had created a downloadable screensaver aimed at putting spammers out of business and made the tool available through its MakeLoveNotSpam.com Web site.
The screensaver flooded spammers’ Web sites with requests for data. The theory was that a very large number of requests sent at the same time would slow response time and result in increased bandwidth costs for spammers.
It didn’t take long — just a couple of days — before newfound Lycos Europe enemies organized a multi-pronged attack with delirious affects that forced Lycos to turn tail and run to another URL, according to Netcraft, a network-security services company in Bath, England.
Why the Retreat?
Security firm F-Secure reported one aspect of the counterattack. It said that Moretgage.info, a spammer site that used to sell cheap mortgage loans, added a “meta refresh tag” on its front page that redirected traffic to Lycos Europe’s screensaver site.
Netcraft reported another aspect that might have caused the retreat. It said telecommunications services provider Global Crossings and cable operator Cox Communications appeared to have blocked access to the Lycos Europe site yesterday.
“Global Crossing’s Acceptable Use Policy prohibits denial of service attacks,” reads a company statement. “As a result, we have ‘black holed’ the Lycos Europe Web site, which issues instructions to the clients participating in these attacks. ‘Black holing’ means we are not carrying any traffic to or from that Web site on our network.”
Knock Out Punch?
If these attacks didn’t cause a black eye, the next spammer offensive gave it another good shot by defacing the Lycos Europe site.
F-Secure reported that spammers replaced the home page with a screen that read, “Yes, attacking spammers is wrong, you know this, you shouldn’t be doing it. Your IP address and request have been logged and will be reported to your ISP for further action.”
The attack-counter attack brings up serious legal questions, according to Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat intelligence firm.
Wild, Wild West
Dunham told the E-Commerce Times that Lycos Europe’s screensaver certainly goes into the arena of counter attacks, an increasing issue of concern and discussion this year in light of Symbiot’s iSIMS tool introduced in March to overtly attack offenders in a variety of ways.
“The question is: should we engage in a vigilante type of justice system much like the Wild West once was or should we not?” Dunham asked. “In the Wild West, everybody did what was right in his own eyes, and that was not always in the best interest of the community at large.”
Dunham said the Lycos Europe controversy pushes the envelope and will force the industry to better clarify what is a DDoS attack and what is ethical in terms of defending Internet properties from spammer and other attacks.
Lycos reportedly denied the event, but could not immediately be reached for comment on this or other issues.