Security threats Toolkit

Lycos army shoots itself in foot?

Dan Ilet ZDNet.co.uk

Published: 02 Dec 2004 17:30 GMT

Lycos may accidentally have launched a denial-of-service attack against its own anti-spam campaign Web site, "Make Love Not Spam".

According to security company F-Secure on Thursday, one of the Web sites Lycos targeted in its zombie army attack -- www.mortgage.info -- redirected traffic back to www.makelovenotspam.com. This means that Lycos could have targeted its own Web site.

"The fact that the spammers re-routed the page shows they are fed up," said Mikko Hypponen, director of antivirus research at F-Secure. "But I think Lycos is not going to keep this up for long. It's certainly a pest, but it's not the grown-up way. We think this is not the right way to fight back and we advise users not to get involved."

The security company said that the mortgage.info Web site administrator put a meta refresh tag in its Web site, which redirected traffic back to Lycos.

Lycos did not respond to requests for comment on the issue.

F-Secure added it had received three independent reports from users who saw the Lycos Lycos Web site defaced yesterday. The company said the hackers may have used DNS poisoning -- a method of Web site misdirection -- to fool users into thinking they had defaced the site, when in fact they were looking at an entirely different Web page. Yesterday Lycos denied its servers had been attacked, which could suggest that both companies are correct.

Lycos' 'Make love not spam' campaign was reported to have killed access to some of the Web sites it was targeting.

Internet monitoring firm Netcraft said that Lycos took offline two Web sites hosted in China.

Lycos said yesterday its intention was not to carry out DDoS attacks, but to slow the bandwidth of its targets. It added it had no intention of taking Web sites offline.