Lycos anti-spam site hit by hackers

Lycos anti-spam site hit by hackers

Summary: The 'make love not spam' site has been taken down, possibly by a DDoS attack

TOPICS: Security

Spammers are suspected of hacking into and downing Lycos's anti-spam Web site just hours after it went live. The Web site is currently inaccessible and could also be the victim of a DDoS attack.

Lycos on Tuesday kicked off its "make love not spam" campaign by offering users a screensaver that helps to launch distributed denial-of-service (DDoS) attacks on spammers' Web sites. The company said the screensaver uses the idle processing power of a computer to slow down the response times from spammers' Web sites - much in the same way spammers use compromised PCs to distribute unsolicited email messages.

However, within hours of the site being launched, the original front page was replaced with a simple message:

"Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."

Finnish antivirus firm F-Secure, which advised users not to participate in Lycos' campaign because of "possible legal problems", suspects the site has been hacked by a pro-spam group because "they definitely would have a motive to attack the site".

F-Secure reported that the Web site had returned to normal by around 6 a.m. (Sydney time) but at the time of writing was unavailable and could be under a retaliatory DDoS attack.

Earlier this year, Symbiot, a Texas-based security firm launched a corporate defence system that was designed to fight back against DDoS and hacker attacks by launching a counter-strike.

At the time, Symbiot's president Mike Erwin said that "totally passive" defences were "not an adequate deterrent" and argued that for complete defence an "offensive tactic must be employed".

Security experts were alarmed at the company's attitude and warned that such tactics could be counterproductive.

Jay Heiser, chief analyst at IT risk management company TruSecure, said Symbiot's proposal was a very bad criterion for choosing risk-reduction measures.

"There is no evidence that this is the most effective way to deal with the problems and there is quite a bit of historical precedence that indicates it is totally counterproductive," said Heiser.

Lycos was unavailable for comment.

ZDNet Australia's Munir Kotadia reported from Sydney. For more coverage from ZDNet Australia, click here.

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Is there anyone who wasn't expecting this?
  • I don't think so ;-)

    Noble sentiments by Lycos though :-)
  • Make Love Not Spam is back online. It was not hacked. I know.
  • lets face facts folks if we can M$ Corp and all the virus ware it produces then there would not be rubbish like outlook and family to spam with ..
    simple really get rid of the goat remove a good 97% of the problem..
  • however.
    its still criminal activity - self justice ?! -
    if there was only one site affected by the attack
    that was not involved in any way before...
    thin ice lycos is walking on.
  • I would like to congratulate Lycos for his action.
    It is more than late to stop with Spammers.
    After reading the statement on Lycos website, it is the same as dealing with a criminal, a criminal.