Lycos Europe Pauses Anti-spam Efforts

Lycos Europe’s controversial anti-spam efforts had a bumpy first week, with various availability problems, some of which may have been caused by the same spammers the site targeted with distributed denial of service (DDoS) attacks.

The company earlier this week launched a campaign that offered users screen saver software, “Make Love, Not Spam,” to fight back at spammers. The distributed computing application activates when the user’s machine is not being used, continuously generating traffic on the sites of alleged spammers, slowing them down and making them more difficult to operate.

The effort has been widely criticized for crossing the line from combating an illegal activity — spam — to supporting and even enabling a different one — DDoS attacks.

The site has been periodically unavailable for much of the week. Presently, the site has been replaced with a placeholder graphic that simply says, “stay tuned.” Links from the Lycos Europe home page have also been taken down. Lycos attributes the problems to overwhelming demand from users wanting to download the application.

Net monitoring site Netcraft reports that some major Internet backbones, including Global Crossing, are preventing access to the site, which would make the site inaccessible in certain areas.

According to security company F-Secure, the cause may be at least partly attributable to redirected traffic from Lycos’ own DDoS attacks. At least one of the alleged spammers’ sites that were targeted redirected all its traffic back to the “Make Love Not Spam” site, according to F-Secure.

F-Secure also reported that the site has been the victim of defacements. F-Secure received reports from several users that the site had been altered to read “Yes, attacking spammers is wrong, you know this, you shouldn’t be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.” The title of the page was changed to read “using bots to attack people is just wrong.”

Lycos and its hosting company deny that the site was defaced, so F-Secure’s research team says the defacement could be the result of certain ISPs blocking users access to the site, or a “DNS poisoning” attack, where a malicious attacker floods a domain name server with DNS requests and fake responses to them, ultimately causing users behind a specific DNS server to access the wrong site.

If the site was indeed hacked and defaced, that could raise security concerns, according to Netcraft. “An intrusion by hackers would be a serious concern for an operation that controls an army of computers with DDoS capabilities. The site has been unreachable today, which could be related to traffic from Slashdot rather than a counterattack,” according to Netcraft’s site.

While the company designed the software to stop its attack before a site was brought completely down, that apparently hasn’t happened in some cases, since some of the targeted sites have reportedly been fully knocked out of commission.

“Monitoring of three of the targets housed on Chinese servers shows that two of the sites, and, have been knocked offline by the attack. A third target,, has remained largely available, with intermittent outages,” according to Netcraft.

Related reading