Analysts say a new twist on the war against spammers in Europe isn’t likely to spill across United States borders, but is rather an opening salvo more likely to fizzle than to explode.
Earlier this week, Lycos Europe launched an aggressive campaign targeting spam-related Web sites. The UK-based company took the offensive when it released a “screensaver that spams the spammers.”
Downloads of the screensaver, cheekily named “MakeLoveNotSpam,” allowed users a measure of revenge against intrusive Internet interlopers. While idle, computers with the screensavers bombarded targeted spamming sites with data, generating expensive bandwidth bills.
“It was a big move,” said Gregg Mastoras, a senior security analyst with Sophos Security. It’s a move many believe may have only exacerbated the spamming epidemic by including individuals in the fight.
“The industry really needs to fight back, but this is not the way,” he added.
However, the Lycos campaign was initially a success — a reported 90,000 downloads were recorded within the first few days — as the program disabled several notorious sites, according to British monitoring firm Netcraft.
But the wisdom of a large, and potentially vulnerable, company directing distributed denial of service (DDoS) attacks was immediately questioned. As the number of screensavers swelled, a growing chorus of industry insiders questioned the ethics of launching the same type of attacks they were fighting against.
Anne Mitchell, president and CEO of the Institute for Spam and Internet Public Policy (ISIPP), said the Lycos action lends legitimacy to spamming and possibly escalated the war for individual users who went on the offensive.
“It is a bit like going up to a known terrorist’s house and pelting it with rocks on which you’ve painted your home address,” Mitchell said, noting that is was possible the IP addresses weren’t disguised when users spammed the spammers.
The UK-based company has since removed the MakeLoveNotSpam screensaver and replaced it with the rather cryptic message: “STAY TUNED.”
Mitchell said she’d be very surprised if a United States company employed the aggressive tactics of Lycos. “I’d have to say this is a flash in the pan,” she said. “It wouldn’t happen here.”
Distributed denial-of-service (DDoS) attacks are illegal in many countries. Offering a way for users to issue DDoS attacks against anyone, especially given the litigious nature of the U.S., would create a wave of lawsuits, she said. Tort law in the U.S. prohibits anyone, individuals or corporations, from inflicting intentional economic harm, she added.
“I could easily envision someone suing on behalf of a spammer,” Mitchell said.
But at least one American software company is developing a product that that would allow consumers to launch their own counter DDoS attacks.
Austin-based Symbiot plans to release iSIMS on March 31. The product is in the final phase of beta testing, and the company Web site claims the technology is not constrained, “but instead follows a model of applying “graduated response” against malicious acts, from simple blocking or quarantining techniques to more aggressive operations. The company said targets of malicious attacks have the right to respond with “asymmetric force,” including counter-DDoS attacks.