This story appeared in the January/February 2005 issue of Web Host Industry Review magazine. Click here to subscribe for free.
January 31, 2005 -- (WEB HOST INDUSTRY REVIEW) -- There is little doubt that Europeans, just like everyone else in the world, are annoyed by spam. There was no shortage of doubt, however, when Lycos Europe (lycos-europe.com) unveiled its own answer to the spam surge with its "Make Love Not Spam" screensaver application in late November. Designed to give spammers a dose of their own processed meat, the effort quickly snowballed out of control, and out of favor with security experts and spam fighters.
It is not hard to see how the seemingly vigilante approach actually made its way to European users, who were encouraged by Lycos Europe to "annoy a spammer now!" with the screensaver. The company was following a get-tough pattern set by other players including Microsoft and Yahoo!, which have offered bounties for virus writers and sued individual spammers and their associates. However, whenever the virus for a virus, spam for spam approach is applied, security and infrastructure experts warn that things tend to take on a life of their own once unleashed on the Internet. Perhaps it was an ill-timed solicitation for male enhancement, a rash of customer complaints or just sheer annoyance that the bulk of email Lycos was handling was unsolicited. Whatever the reason, Lycos Europe aggressively launched its spam slam and unleashed its technology, described by some as a denial of service tool and a "zombie army," on the Internet.
The "Make Love Not Spam" screensaver was designed to bombard the Web sites linked in spam emails. The thinking was the more spam going out for a URL, the more jamming requests the screensaver would send. It did not take long, however, before the screensaver was serving up controversy. First there were reports that makelovenotspam.com had been hacked and defaced by attackers who warned it was wrong to launch the DoS-like attacks. Lycos Europe denied the reports, saying it had been the victim of a spoof that was making the email rounds. The warning that it was wrong to attack spammers turned out to be a measure from Internet providers such as MCI that were looking to avoid involvement in the effort, according to Netcraft, which indicated backbone providers were blocking the screensaver soon after its release.
That did not stop users from downloading the screensaver, which had been previously released in beta. Lycos Europe indicated nearly 100,000 screensavers were out and ready to strike back against spam as it began the campaign. Netcraft, which reported the screensaver had been downloaded more than 110,000 times in the week before it was pulled off the Internet, said its analysis showed two sites targeted by the screensaver had been effectively knocked offline, or at least were unavailable, as a result of the tool's requests.
There was certainly no sympathy for spammers and the sites they were promoting. However, experts warned that Lycos Europe might have been infringing on laws against launching DoS attacks. The company maintained that it was simply degrading the performance of the sites and was not shutting anything down. Nevertheless, the company did at the very least pick a fight with some technically sophisticated, socially limited enemies in spammers. Industry observers agreed the company was making itself more of a target.
In fact, before Lycos could pull its screensaver and cease its "Make Love" effort, the screensaver had become the basis for a Trojan scam ? which instead of a spam-slowing screensaver, it was actually a keylogger capable of stealing passwords and other information. When it came time to pull back on the collar of the screensaver, Lycos Europe was unrepentant, indicating that it was ending the campaign because it had accomplished its objective of raising awareness and focusing discussion on anti-spam measures.
Basex president Jonathan Spira ? whose New York-based research and consultancy firm estimates 75 percent of all email is spam, phishing or virus-related ? says there are many things service providers can do to slow or prevent spam. He says spam-fighting technology has evolved dramatically over the past year, and providers are now protecting networks with appliance-like solutions. However, the analyst, like many, was critical of the Lycos Europe approach.
"As soon as someone looked at it and said I can't believe what we've done, they probably decided to put the Frankensteinian monster back in the castle," Spira said. "There's never hope for vigilantism. This isn't the wild wild West. It just puts more junk on the ?Net, which we can ill afford."
