Lycos denies attack on zombie army

Last night's defacement of Lycos' 'make love not spam' Web site was a hoax, the company claimed
Written by Dan Ilett, Contributor
Internet portal Lycos has denied its 'make love not spam' Web site was hacked into and defaced last night.

The company said that email reports that contained an apparent mirror image of the Web site when it was hacked were a hoax generated by the spammers.

"This is a hoax," said Malte Pollmann, director of communication services for Lycos. "We have obviously reached our goal and are getting to the spammers. On our servers we don’t have any logs of an attack. No one was able to verify that. I wouldn't be surprised if [the screensaver] causes this in the future. We have a couple of port scans, but that's normal."

The Web site was reported to have been inaccessible for some time last night and an email was sent to security company F-Secure with what appeared to be a mirror image of a defacement of the site that read:

"Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."

Lycos launched its 'make love not spam' campaign, which offers users a screensaver that helps to launch distributed denial-of-service (DDoS) attacks on spammers' Web sites, on Monday. The company said the screensaver uses the idle processing power of a computer to slow down the response times from spammers' Web sites -- much in the same way spammers use compromised PCs to distribute unsolicited email messages.

But Lycos also denied it was using denial-of-service attacks.

"I have to be very clear that it's not a denial-of-service attack," said Pollmann. "We slow the remaining bandwidth to 5 percent. It wouldn't be in our interests to [carry out DoS attacks]. It is to increase the cost of spamming. We have an interest to make this, economically, not more attractive."

Head of international spam fighting organisation Spamhaus Steve Linford said that by attacking spammer bandwidth, Lycos could inevitably be attacking innocent users' bandwidth too.

But Pollmann sidestepped the question of doing this: "We want to hit targeted bandwidth. We are selecting spammers form blacklists. We verify every address. Professional spammers run on very dedicated media."

Finnish antivirus firm F-Secure yesterday warned users not to participate in Lycos' campaign because it might involve "possible legal problems".

Editorial standards