Lycos should send its zombie army home

Lycos' latest wheeze, 'Make Love not Spam' is an absurd, and possibly illegal, publicity stunt. We hope it goes away soon
Written by Leader , Contributor
We all hate spammers, and few of us would shed a tear should some unfortunate fate befall them. Our knee-jerk reaction, therefore, is to laud Lycos for developing its screen saver that launches distributed denial-of-service attacks against known spam sites.

After all, says Lycos, it is not a misdemeanour. We are justified. Just look at the harm that spammers do! They're monsters.

To combat them Lycos is raising its own army. You can almost smell the oily smoke from the burning rags as the masses, led by Lycos, advance with burning torches on Boris Karloff. Only this time, the masses are zombie PCs controlled by Lycos' 'Make Love Not Spam' screensaver.

Had Mary Shelley replaced vengeful villagers with randy zombies, the outcome really doesn't bear thinking about. Really it doesn't. Similarly, Lycos' latest wheeze should be dismissed as an absurd publicity stunt at best.

Lycos defends its action by saying that what it is doing is not a denial-of-service attack, but an attack on the bandwidth of the spammers. There may well be some technical truth to this, but the fact is that attacking bandwidth is what, in effect, denial-of-service attacks do.

However bad the crime of the spammers, launching distributed denial-of-service attacks is illegal in many countries. As Steve Linford eloquently pointed out, you can't break into a thief's house just because he breaks into yours. It won't wash in front of the judge.

We're sure that Lycos will have consulted its lawyers before embarking on this adventure, but then the follies of big business never cease to amaze us. This strategy, we have to say, is indeed a folly.

Not only is Lycos in danger of breaking laws, it is in danger of lending credibility to the notion that DDoS attacks are OK if you're the good guy -- which of course you are -- and you're launching it against someone who, well, just deserves it. Regardless of the semantics of whether what Lycos is doing really is a denial-of-service attack, when you attack the bandwidth of one computer on the Internet, you effectively attack the bandwidth of all computers.

The aim of security professionals should be to mitigate denial-of-service attacks, not propagate them. Lycos needs to put its randy zombie army back in its pants and stop being so trigger happy.

Editorial standards