Security threats Toolkit

Lycos zombie army takes Web sites offline

Dan Ilet ZDNet.co.uk

Published: 02 Dec 2004 12:15 GMT

Web portal company Lycos's 'Make love not spam' campaign has killed access to some of the Web sites of its target spammers as the result of denial-of-service attacks.

According to Internet traffic monitoring company Netcraft, Lycos successfully took offline two Web sites hosted in China, bokwhdok.com and printmediaprofits.biz.

Netcraft's Web site said: "A distributed denial-of-service (DDoS) attack launched by users of Lycos Europe's MakeLoveNotSpam.com screensaver has succeeded in crippling several spammer sites, but some of the targeted sites remain available."

Lycos was unavailable for comment on the matter, but said yesterday it was not carrying out DDoS attacks, just slowing the bandwidth of its targets. It added it had no intention of taking Web sites offline.

"I have to be very clear that it's not a denial-of-service attack," said Malte Pollmann, director of communication services for Lycos. "We slow the remaining bandwidth to 5 percent. It wouldn't be in our interests to [carry out DoS attacks]. It is to increase the cost of spamming. We have an interest to make this, economically, unattractive."

Yesterday, Lycos denied claims that it was hit by hacker attacks, but several reports, including one from Netcraft, have alleged that the 'Make love not spam' Web site was unavailable at several intervals. There is, however, no conclusive evidence either way on whether the defacement was a hoax or not.

Lycos launched its campaign earlier this week, offering users a screensaver that uses idle processing power of their computers to slow down bandwidth that connects to spammer's Web sites.

Head of international spam fighting organisation Spamhaus Steve Linford said that by attacking spammer's bandwidth, Lycos could be attacking innocent users' bandwidth.