Tuesday, December 7, 2004
EUROPE — Lycos Europe has ended its anti-spam operation, “Make Love Not Spam.” A company spokesperson said the objective of the time-limited campaign was to raise people’s awareness. The reasons it ended the campaign were variously reported and speculated on in the media. The operation, while fairly popular, suffered unexpected troubles and drew criticism from security experts and others from the start.
The company started distributing a screensaver on November 29, 2004 on makelovenotspam.com. Once installed, the computer would send HTTP requests to spammers’ servers when not in use. The intent was to raise the running costs of those servers. Lycos coordinated these requests by choosing targets from lists generated by organizations such as Spamcop.com. The servers were monitored so as to keep them under heavy load, but alive.
Security experts roundly criticized the program. Steve Linford, director of the non-profit anti-spam organization Spamhaus, and Graham Cluley, a senior technology consultant at Sophos, pointed out that lowering moral standards to fight spammers was not a good idea. The legality of attacking the servers was also debated, since the operation resembled a “Distributed Denial of Service” (DDoS) attack, except that Lycos did not completely shut down the target servers.
Other troubles arose. The day after the campaign was launched, there was an alleged takeover of the web site’s top page by a cracker. The page was replaced with a warning against the use of the screensaver, according to a screenshot sent via email to the Finnish security firm F-Secure. A Lycos spokesperson said that the screenshot was a hoax: there was no trace of intrusion in the server log and the site was simply unavailable due to high demand.
Some Internet service providers blocked either the traffic to Lycos-Europe, or the requests generated by the screensaver.
Next, one of the targeted sites redirected all traffic to Lycos’ server, making Lycos itself a target. The company had maintained that its server was immune from the attack. Lycos stopped distributing the program on December 3, 2004 and asked clients to “stay tuned.” The company later ended the program.
On December 6, F-Secure reported a virus email disguised as the anti-spam screensaver. When its attachment (a zip file) is opened, it self-extracts and installs a “Trojan horse,” a harmful program disguised as legitimate software. The Trojan horse was set up to monitor keystrokes in order to steal passwords, bank account numbers and other important information.
Lycos’ software had been downloaded more than 100,000 times by the end of the campaign.