Accusations of a breach of Internet civility and a kind of cyber-vigilantism preceded Lycos Europe deciding to end a spam-fighting campaign December 3.
Security experts reportedly complained Lycos could end up harming legitimate Web sites through the campaign’s practice of distributing a screensaver program aiming to overwhelm servers Lycos defined as spam servers. But Lycos is denying those complaints were the reason to end the campaign.
Called "Make Love, Not Spam," the campaign was supposed to be a temporary operation, according to Lycos Europe spokesperson Kay Oberbeck, who said the company stopped it only because Lycos was satisfied the campaign raised enough spam awareness and discussion.
When launching the anti-spam screensaver in late November, Lycos thought they'd hit on a perfect anti-spam technique.
"We've never really solved the big problem of spam which is that its so damn cheap and easy to do," Lycos Europe's Malte Pollmann said at the time. "In the past we have built up the spam filtering systems for our users," he said, "but now we are going to go one step further. We've found a way to make it much higher cost for spammers by putting a load on their servers."
Published reports indicated about 100,000 people downloaded the free anti-spam screensaver, which sent fake traffic to alleged spam sites when it was idle, thus driving up the bandwidth costs for site operators. The intended targets were not servers doing the actual spam mailing but Web sites touting products usually advertised by spam.
The problem was that legitimate Web sites might have been knocked down in the process. Internet monitoring company Netcraft told reporters two such sites got taken down by the screensaver's fake traffic. Lycos has insisted the sites in question – which weren't named – had not been on the Lycos anti-spam target list the day Netcraft checked them out, though that assertion could not be verified as an actual fact.
F-Secure, the Finnish anti-virus and security firm, had actually advised against using the Lycos screensaver in the event of legal problems, since the screensaver's fake-trafficking may also have stood prone to being reported as a distributed denial-of-service attack itself. Graham Cluley, the senior technology consultant for Net security firm Sophos, agreed.
"Attacking a spammer's Web site is like poking a grizzly bear sleeping in your back garden with a pointy stick," Cluley told reporters. "Not only is this screensaver similar in its approach to a potentially illegal distributed denial-of-service attack, but it also is in danger of turning innocent computer users into vigilantes, who may not be prepared for whatever retaliation the spammers care to dream up."
Earlier in the week, Lycos had to fend off rumors that the "Make Love, Not Spam" Web site the portal set up to promote the anti-spam screensaver was hacked. Other reports indicated some users of the site got a message back saying, "Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."
