Just days after Lycos Europes launch of an anti-spam DDoS tool raised eyebrows in the security space, the company appears to have scrapped the campaign.
Earlier this week, the company released a downloadable screensaver programmed to launch distributed denial-of-service attacks against known spam sites, but the move sparked a shooting war with spammers and attracted condemnation from security researchers.
On Friday, Lycos Europe gave up the ghost, posting a “Stay Tuned” note on the MakeLoveNotSpam.com Web site it was using to distribute the screensaver. The Lycos Europe home page, which heavily promoted the screensaver all week, was also scrubbed clean of any references to the screensaver.
Company officials did not respond to requests for comment, but security experts were not mincing words.
“I find the anti-spam downloadable DDoS tool to be without a doubt irresponsible, possibly illegal, sets a really bad precedent, gives the wrong impression to users, and possibly the dumbest thing I have heard of this week,” said Adrien de Beaupre, an incident handler with the SANS Internet Storm Center (ISC).
“I can summarize my thoughts into a single word. Dumb. With a capital D,” de Beaupre told eWEEK.com.
Dan Goldberg, a senior security analyst with MADJiC Consulting Inc., described the Lycos Europe move as “vigilantism” and said the use of questionable tactics to deal with a security risk created more problems that it solved.
“In this case, it only causes traffic saturation. Its a noble gesture to fight back against spammers, but when you try to take down a spam site, a lot of innocent people get caught in the crossfire. As a big company, Lycos has to be more responsible than that,” Goldberg said.
/zimages/3/28571.gifClick hereto read about Microsofts lawsuits against spammers who allegedly sent millions of sexually explicit e-mails to Hotmail users.
Evidence of a shooting war in cyberspace was uncovered by anti-virus vendor F-Secure. The company reported that one of the spam sites under attack by the Lycos screensaver simply added a Meta Refresh tag that redirected all incoming traffic back to Lycos.
“As an end result, depending on how the Lycos client works, the screen savers downloaded from MakeLoveNotSpam.com might be attacking the download site itself,” F-Secure said in a notice.
Although the Lycos site is no longer offering the screensaver, MADJiC Consultings Goldberg says its likely the DDoS attacks against the spammers will continue for some time.
“The software is out there. People have downloaded it and shared it with their friends and family. Its being used and will continue to be used,” he said.
/zimages/3/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.