http://news.zdnet.co.uk/internet/security/0,39020375,39175578,00.htm Munir Kotadia ZDNet Australia December 01, 2004 Spammers are suspected of hacking into and downing Lycos's anti-spam Web site just hours after it went live. The Web site is currently inaccessible and could also be the victim of a DDoS attack. Lycos on Tuesday kicked off its "make love not spam" campaign by offering users a screensaver that helps to launch distributed denial-of-service (DDoS) attacks on spammers' Web sites. The company said the screensaver uses the idle processing power of a computer to slow down the response times from spammers' Web sites - much in the same way spammers use compromised PCs to distribute unsolicited email messages. However, within hours of the makelovenotspam.com site being launched, the original front page was replaced with a simple message: "Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action." Finnish antivirus firm F-Secure, which advised users not to participate in Lycos' campaign because of "possible legal problems", suspects the site has been hacked by a pro-spam group because "they definitely would have a motive to attack the site". F-Secure reported that the Web site had returned to normal by around 6 a.m. (Sydney time) but at the time of writing makelovenotspam.com was unavailable and could be under a retaliatory DDoS attack. Earlier this year, Symbiot, a Texas-based security firm launched a corporate defence system that was designed to fight back against DDoS and hacker attacks by launching a counter-strike. At the time, Symbiot's president Mike Erwin said that "totally passive" defences were "not an adequate deterrent" and argued that for complete defence an "offensive tactic must be employed". Security experts were alarmed at the company's attitude and warned that such tactics could be counterproductive. Jay Heiser, chief analyst at IT risk management company TruSecure, said Symbiot's proposal was a very bad criterion for choosing risk-reduction measures. "There is no evidence that this is the most effective way to deal with the problems and there is quite a bit of historical precedence that indicates it is totally counterproductive," said Heiser. Lycos was unavailable for comment. ZDNet Australia's Munir Kotadia reported from Sydney. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Wed Dec 01 2004 - 09:04:41 PST