
Make Love not SPAM (courtesy Lycos)


msealey


Within the last few days and set for public launch in Europe on December 1st www.makelovenotspam.com has appeared. Calling itself a 'Lycos portal' this free downloadable screensaver for OS9, OSX and Wintel politely queries known spamsites in rotation when active (behaves - from what I could see - like any other s/saver and activated in the same way) slowing them down but not in such a way as to constitute a DOS attack.

The site itself from which to download the small .dmg/.exe has been unreachable in the latter part of today (Nov 30) - but could obviously prove very powerful if used by enough people: the spammers want us to visit their sites to buy their crap. Let's go window shopping then!


Possibly related thread:

http://forum.spamcop.net/forums/index.php?showtopic=3116

And check out Project Honeypot when you have a sec... a brilliant concept I first heard about on this board. I checked it out very carefully and think it's an effective way to begin taking back the net from spammers and hackers. This is the first approach I've seen so far that puts spammers on the defensive instead of end users - it may be the first example of how the otherwise flawed "Can-spam" act might actually do some good.

See: http://www.projecthoneypot.org


And an interesting series of follow-up actions and reports now rebutted ....

Lycos denies attack on zombie army

"Last night's defacement of Lycos' 'make love not spam' Web site was a hoax, the company claimed

Internet portal Lycos has denied its 'make love not spam' Web site was hacked into and defaced last night.

The company said that email reports that contained an apparent mirror image of the Web site when it was hacked were a hoax generated by the spammers"


That's very interesting...it shouldn't take this long to determine if the altered site was a mirror or the original. And they don't specify whose mirror it was: Lycos', a spammer's, or a cached site.

Personally, if I had a way to do it anonymously and without risk to myself, I'd do it. Anyhow, it's only a matter of time until someone finds a way to block the bogus messages.


I just went to: http://www.makelovenotspam.com/

And I got the following:

"Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request have been logged and will be reported to your ISP for further action.

Also, note: This machine is not hacked, this page is returned for EVERY request. Thanks for noticing though."

What the @#$%#$ is that?

Pierre


If one is to believe Pierre, then one would have to state that Pierre's system may be hijacked. Ignoring that a couple of posts above have links to Lycos.uk denial of exactly what Pierre states happened (noting also that no note is made of just how the URL was provided to Pierre)

12/01/04 17:06:17 Browsing http://www.makelovenotspam.com/
Fetching http://www.makelovenotspam.com/ ...
GET / HTTP/1.1
Host: www.makelovenotspam.com

<html>
<head>
<title>make LOVE not spam</title>
<meta http-equiv="refresh" content="3; URL=http://makelovenotspam.com/intl/index.html" />

which then leads to;

12/01/04 17:08:05 Browsing http://makelovenotspam.com/intl/index.html
Fetching http://makelovenotspam.com/intl/index.html ...
GET /intl/index.html HTTP/1.1
Host: makelovenotspam.com

var flashEnabled;
var flashVersion = 0;
var requiredFlashVersion = 6;

(enough to stop me right there)

if(lang == 'en')
    u = 'http://secure.mail.lycos.co.uk/services/content/packs.jsp';
else if(lang == 'de')
    u = 'http://secure.mail.lycos.de/services/content/packs.jsp';
else if(lang == 'es')
    u = 'http://secure.mail.lycos.es/services/content/packs.jsp';

but see enough to indicate that the hijack doesn't exist at the time I looked at the page(s)


I cannot get to the page right now but I could yesterday.

A whois gives:

canonical name makelovenotspam.com.
addresses 213.115.182.123

Starring Ltd AB
Kungsgatan 6
Stockholm, 111 43
SE

Is this Lycos????

213.115.182.123:

inetnum: 213.115.182.64 - 213.115.182.127
netname: BB-CUST-STARRING
descr: advertising company

Is this Lycos????

Is this another Trojan now on hundreds of thousands of computers????

Call me paranoid but something smells fishy here.


This should be moved to the lounge...........


My apologies :-(

Have read all the posts here and I can see the legitimacy of two-wrongs-don't-make-a-right and am interested in F-Secure's assertion that this could make matters worse.

OTOH I get hundreds of emails a day asking me to go to spammers' websites.

I've decided to do as I'm invited - and pay them a visit. And Lycos is helping me.

Given the bandwidth limits built into the s/saver, what I'm doing is little more in terms of traffic than a lengthy session on Amazon.

With spam as serious a threat as it is and no government (least of all the US) really willing to tackle the menace, I'll take any effective port in a storm. Provided this does not adversely affect other users.


OK. I know this may not be the best place to post this, but nonetheless I am so thrilled that I feel like spreading the news everywhere!

The folks at Lycos have really done a great job!

Go to http://www.makelovenotspam.com/ and see for yourself.

Install the screensaver and watch a map of the world as your computer "hits" spammers hosts. Looks like Missile Command (remember that arcade game?). This stuff is really cool!

It uses data from (you've guessed it!) SpamCop!

If enough of us join in, the hosting costs of these thugs ought to skyrocket. They normally get only 50 or so suckers a day. Now they'll get hundreds of thousands of hits from computers all over the world running this screensaver.

Trust me on this one!

Spread the word!

Regards / Robertoff

Additional note: This was originally posted elsewhere and was moved here which is a more appropriate place. But still, it does sound out of context, so I added this explanation.


I can't help but think this Lycos screensaver is just going to make life harder for those of us legitimately using the Internet and our employers as well if we are using their Internet access.

All these screensavers gobbling bandwidth. I've already instructed my staff not to install the screensaver as our ADSL bandwidth is more valuable to us (we're paying for it) than attempting to annoy spammers.

In any case these spammers will no doubt quickly create a technological way to avoid the problem leaving the wider Internet community to suffer slower speeds and general congestion.

This device can't go away too quickly in my view.

Andrew


In any case these spammers will no doubt quickly create a technological way to avoid the problem leaving the wider Internet community to suffer slower speeds and general congestion.

You may be right Andrew, but meanwhile I think it might be fair to try this out for a few days. Personally I did, and fell in love with the stuff (In fact I'm switching back to Lycos. I had deserted them for Google, then for A9.com...)

Lycos is limiting to 3.4 Megs per day per PC, and only while idle. It shouldn't really generate that much additional traffic that would affect your DSL connection.

As to what can spammers do, well, blocking "hits" doesn't sound feasible. How can they know they are not blocking actual customers?

The screensaver sends random hits (as far as I can tell in my monitor) to various spamvertized URLs all over the world. The targets are chosen from Spamcop data which is very reliable as we all know...

This got way too long... sorry.


I have yet to actually get to the site. Earlier, I got the defaced site; this morning all I get is "Cannot find server or DNS error". I would at least like to see the site in question. It seems unlikely that there is a best time to try, but I'll ask anyway:

Have you actually gotten to this site, and if so, when?


this morning all I get is "Cannot find server or DNS error"

That's because some of the major backbones have decided to block all access to the site. Here's an article:

http://news.netcraft.com/archives/2004/12/..._backbones.html

Also, some large ISPs are also reportedly blocking access, such as Cox (my ISP).

I just connected to several Linux boxes on different backbones and tried to access the site and was prevented from doing so each time, whether I used the domain name or the IP address. I tried doing a Google Groups search on this topic, but Google is in the process of switching between their long-time Beta version of Groups and a new version and their searches are producing 500-level server errors.

DT


== snip ==

This device can't go away too quickly in my view.

I wonder what the spam::legit ratio is of those who disapprove of the few MBytes this shopping spree takes up (the spammers are asking us to visit their sites - we're doing so). Mine is 30:1 No-one else (except SPAMCop) is doing anything to help. Why not take up the offer to visit the sites whose details we receive so often?


I think the breakdown would be more business/personal. Many (want to say most) business level internet access is charged per transferred data. I have 300+ machines behind my firewall and if each of them ran this software (and current policy does nothing to enforce not allowing installation), our internet access bill would increase greatly.

And just to let you know, I receive about 5 legit messages from the internet vs. ~125 spam caught by postini every day so my ratio is close to yours.


I was able to find a download mirror of the MLNS screensaver:

http://www.kantor.com/blog/MLNS_screensaver_en.exe

However, in that the backbone folks are actively blocking traffic to and from the MLNS servers, the screen saver can't get the information it needs in order to function correctly.

BTW, Google Groups seems to be functioning now...I reported earlier that they were having problems due to their non-beta newsgroups interface finally going live.

DT


I have yet to actually get to the site. Earlier, I got the defaced site; this morning all I get is "Cannot find server or DNS error". I would at least like to see the site in question. It seems unlikely that there is a best time to try, but I'll ask anyway:

Have you actually gotten to this site, and if so, when?


See my post from Yesterday (1 Dec 04) .. I provided snippets of the HTML at both the referenced page and the page that one got redirected to ...

But, yes, the www.makelovenotspam.com (213.115.182.123) is not reachable from here at the present time either. The only thing I've found that returns anything is a WHOIS ... However, noting that the secure.mail.lycos.co.uk links do seem to be present (though not at port 80 apparently)

DavidT's first link must be rather popular, have yet to be able to get to that page ....


Is the blocking related to poor network performance in Europe on the 1st around noonish? See graphs lower in the page.

If the bandwidth used is 3.4Mb per day, the total generated by this antispam screen saver will be 3.4Tbits per day if 1,000,000 users use it. Quite nothing for the internet (correct me if I'm wrong).

Definitively, DoS is illegal even for a good cause. Maybe it's the reason.


DavidT's first link must be rather popular, have yet to be able to get to that page ....

It still works every time I click on it...you'll note that it's a direct link to the executable (installation) file...perhaps you've got some security settings that are interfering? In any case, if the backbone folks don't change their minds, it looks like this whole thing is dead in the water.

DT


Interesting day. Cable guy was out back, allegedly replacing a neighbor's squirrel-gnawed cable. However, stuff here went to crap a couple of hours after he left. I can't believe what I'm seeing in the cable-modem logs;

Log cleared because it contained entries in an old format
DHCP Attempt# 1 BkOff: 5s Tot DSC:1 OFF:1 REQ:1 ACK:1
DHCP - Invalid Log Server IP Address.
DHCP WARNING - Non-critical field invalid in response
Retrieved DHCP .......... SUCCESS
DHCP - Invalid Log Server IP Address
DHCP RENEW WARNING - Field invalid in response

Gee, I wonder why I was having issues getting places <g>


Archived

This topic is now archived and is closed to further replies.
