Lycos denies attack on zombie army

Lycos denies attack on zombie army

Summary: Last night's defacement of Lycos' 'make love not spam' Web site was a hoax, the company claimed

TOPICS: Security
Internet portal Lycos has denied its 'make love not spam' Web site was hacked into and defaced last night.

The company said that email reports that contained an apparent mirror image of the Web site when it was hacked were a hoax generated by the spammers.

"This is a hoax," said Malte Pollmann, director of communication services for Lycos. "We have obviously reached our goal and are getting to the spammers. On our servers we don’t have any logs of an attack. No one was able to verify that. I wouldn't be surprised if [the screensaver] causes this in the future. We have a couple of port scans, but that's normal."

The Web site was reported to have been inaccessible for some time last night and an email was sent to security company F-Secure with what appeared to be a mirror image of a defacement of the site that read:

"Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."

Lycos launched its 'make love not spam' campaign, which offers users a screensaver that helps to launch distributed denial-of-service (DDoS) attacks on spammers' Web sites, on Monday. The company said the screensaver uses the idle processing power of a computer to slow down the response times from spammers' Web sites -- much in the same way spammers use compromised PCs to distribute unsolicited email messages.

But Lycos also denied it was using denial-of-service attacks.

"I have to be very clear that it's not a denial-of-service attack," said Pollmann. "We slow the remaining bandwidth to 5 percent. It wouldn't be in our interests to [carry out DoS attacks]. It is to increase the cost of spamming. We have an interest to make this, economically, not more attractive."

Head of international spam fighting organisation Spamhaus Steve Linford said that by attacking spammer bandwidth, Lycos could inevitably be attacking innocent users' bandwidth too.

But Pollmann sidestepped the question of doing this: "We want to hit targeted bandwidth. We are selecting spammers form blacklists. We verify every address. Professional spammers run on very dedicated media."

Finnish antivirus firm F-Secure yesterday warned users not to participate in Lycos' campaign because it might involve "possible legal problems".

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Go to Click on the Make Love Not Spam link and it takes you to, which is broken. Shorten it to and you get a page displaying "Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action. ". I think the joke is on Lycos.
  • The fact of the matter is that the ISP's have begun to put "blackholes" in place. I'm seeing most of the clients as "dead" since the controller machines in Sweden are being prevented from recieving the client traffic from many ISPs.

    The clients do not cache the target list, they must speak to the controller.

    Also, it appears that the hand washing claim is suspect at best. There's some evidence out there that suggest this is an automated feed from one of the big SPAM Black Lists.
  • Is vigilante suddenly cool?

    Can we beat up shop lifters and DOS attack servers freely now based on our own presumptions and findings?

    I honestly thought it was April 1st when I read about Lycos DOS attacking servers, to the rest of the world that's illegal, I thought?

    I'm as much against spam as all the rest of us but that's not the point (I'm also against DOS attacks, by the way).

    I've worked as an Internet professional for 9 years and I reckon this is about the worst I've ever heard and I hope that at least some of you feel the same way.

    Thanks for reading...
  • It does look like they are in Denial of hacking.
    It is interesting if you run lynx (text browser on unix) you can get further.
  • But is it really Lycos?
    Domain Name:

    [Owner of domain name]
    Starring Ltd AB
    Kungsgatan 6
    Stockholm, 111 43

    [Administrative contact]
    Starring Ltd AB
    Kungsgatan 6
    Stockholm, 111 43

    Phone: +46 8 6144600
    Fax: +46 8 6144610

    [Technical contact]
    Eurovator AB
    Grev turegatan 51
    Stockholm, 114 38

    Phone: +46 8 6507100
    Fax: +46 8 6507140

    Record created: 22 SEP 2004
    Record last changed: 22 SEP 2004
    Record expires: 22 SEP 2006
  • Hi,
    I don't care what they call it, but we need to find a way to dis-enchant these people. I don't want their emails, either to beg for money or push me to buy their items...and I don't want their junk on my computer, taking up disk space, and creating myriads of holes when I delete the things.
    Go for it!!! I will be happy to participate in this experiment...using ALL of my computers.
    This is the best thing since "Bouncing" of emails was developed....which I see is now gotten around by using bogus originating addresses so they don't get the emails back. Seems to me those addresses (correct ones) were a requirement of emails....much like Faxing requires the correct originator's phone number...
    I will tell all my friends to use this Screensaver.....until the laws simply relegate this type of offensive behaviour as ILLEGAL....and don't bother me about my actions to retaliate....I've had enough...I will fight with whatever tools I can get my hands on....
    'Nuff said
  • While I dont condone Lycos for what is in princible, a DDoS that they judge as legitemate, I think you have to consider the opinion of many users on the Internet.

    For many of us, spam is a scurge, a blotch in our e-mail boxes, a tide of junk in the filters and a flood of popup windows. These sites that MAKE money by doing this are making money ANNOYING people

    . Futhermore, many of them I have seen install covert Spyware/Adware, and some are even imitated/used virus attacks. AdAware, Firefox and McAfee have thus far kept my sanity intact...

    A DDoS is a really screwed up thing to do, and much of it is done by the very viruses spread by spam. In this case, Lycos is simply fighting back and I say ,
    Fight Fire with Fire

    Go Lycos.
  • Well thiis may or may not be right, but i still think that lycos was justified in doing this.

    I've had enough of spammers, and i say do so by whatever means. Somehow i have a feeling that spammers dont play nice.