Fight spam by eating their bandwidth?

[bamatone.livejournal.com]

Hey guys, this is my first post here (though I've been reading them for a while). Yes, I work tech support at a major university in the south. No, it's not hard to figure out where, heh. Anyway, I ran across this article on C|NET news today (from the BBC) and I have to share it with as many tech-savvy people as possible. (Because I think it's cool and because I want as many takes on it as I can get.)

And without further adieu...

Screensaver tackles spam web sites
Internet portal Lycos has made a screensaver that endlessly requests data from sites that sell the goods and services mentioned in spam e-mail.

Lycos hopes will it make the monthly bandwidth bills of spammers soar by keeping their servers running flat out.

The net firm estimates that if enough people sign up and download the tool, spammers could end up paying to send out terabytes of data.

"We've never really solved the big problem of spam which is that its so damn cheap and easy to do," said Malte Pollmann, spokesman for Lycos Europe.

"In the past we have built up the spam filtering systems for our users," he said, "but now we are going to go one step further."

"We've found a way to make it much higher cost for spammers by putting a load on their servers."

By getting thousands of people to download and use the screensaver, Lycos hopes to get spamming websites constantly running at almost full capacity.

Mr Pollmann said there was no intention to stop the spam websites working by subjecting them with too much data to cope with.

He said the screensaver had been carefully written to ensure that the amount of traffic it generated from each user did not overload the web.

"Every single user will contribute three to four megabytes per day," he said, "about one MP3 file."

But, he said, if enough people sign up spamming websites could be force to pay for gigabytes of traffic every single day.

Lycos did not want to use e-mail to fight back, said Mr Pollmann.

"That would be fighting one bad thing with another bad thing," he said.

The sites being targeted are those mentioned in spam e-mail messages and which sell the goods and services on offer.

Typically these sites are different to those that used to send out spam e-mail and they typically only get a few thousand visitors per day.

The list of sites that the screensaver will target is taken from real-time blacklists generated by organisations such as Spamcop. To limit the chance of mistakes being made, Lycos is using people to ensure that the sites are selling spam goods.

As these sites rarely use advertising to offset hosting costs, the burden of high-bandwidth bills could make spam too expensive, said Mr Pollmann.

Sites will also slow down under the weight of data requests. Early results show that response times of some sites have deteriorated by up to 85%.

Users do not have to be registered users of Lycos to download and use the screensaver.

While working, the screensaver shows the websites that are being bothered with requests for data.

The screensaver is due to be launched across Europe on 1 December and before now has only been trialled in Sweden.

Despite the soft launch, Mr Pollmann said that the screensaver had been downloaded more than 20,000 times in the last four days.

"There's a huge user demand to not only filter spam day-by-day but to do something more," he said "Before now users have never had the chance to be a bit more offensive."

Download the screensaver here.

Comments

[ex-prunesnp.livejournal.com]

Not a bad idea!

[anivair.livejournal.com]

Excelent. if only there were a nice linux version. I'd be more than happy to run it if anyone has one.

linux version

[irishmasms.livejournal.com]

or a version for BSD... ;)

Something kind of stinks to me.

[lepermime.livejournal.com]

Not trying to troll, but has anyone thought of the legality of doing this. You are essentially doing the same thing that spammers do. You are creating unwanted traffic, but not just to their servers/sites. You also have to take into account the backbone providers that you traverse to get to the site. Now 3 or 4 MB a day doesn't sound like much but multiply that by 20000 and you are now talking about 60 GB of traffic a day. And that's just from 20000 downloads. Seems to me like there is just as much liability in using this screensaver to fight back as there is in sending spam out in the first place. Of course being from the US it's quite possibly that this kind of thing just sits different. Any dissenting opinions? Just looking for legal arguments not spam is evil and this is not as bad moral arguments.

Re: Something kind of stinks to me.

[bamatone.livejournal.com]

Ah, but everything you said is exactly the point. We create traffic that eats bandwidth but does not bring a server to its knees. I.E. we're not participating in DDOS attack or anything - I believe that's what gets us off the hook.

As for all the bandwidth we're eating - exactly. If we make it uber-expensive for the spammers to operate their own servers, then we can, in theory, reduce our spam, right?

At this point, I think I speak for the majority when I say fuck the lawyers, I'm tired of worthless spam on the internet. ;)

(Maybe it is my American "cowboy" attitude, but it looks all good to me. :P )

Re: Something kind of stinks to me.

[jecook]

Something tells me that if I used this screensaver, I'd be facing a disco from my internet connection due to abusing my bandwidth and server restrictions.

You are not hurting the spammers so much as you are hurting any legit users of that machine.

personally, I hunt down people who hork the bandwidth I'm paying for. Even if you are not dening the service, you are degrading it, and that is morally wrong, even tho legally right.

and what if the "server" is a trojaned cable modem subscriber? Now you are hurting innocent people whose only real crime is not having a system on the internet with updated patches and AV/spyware protection installed.

Re: Something kind of stinks to me.

[bamatone.livejournal.com]

Every single bit of that is addressed in the article.

Re: Something kind of stinks to me.

[jecook]

Every single bit of that is addressed in the article.

My points still stand:

By getting thousands of people to download and use the screensaver, Lycos hopes to get spamming websites constantly running at almost full capacity

By doing this, you are slowing things down for other users on that server, who may or may not be legit. Perhaps you are familir with the /. effect? unless the server is well connected, if a hobby site gets nailed, the entire bloody machine (with possibly oer a hundred paying customers on it) gets the hose. Not very polite, if you ask me.

Besides, spammers ( and the advertisers who use the spammer's services) will get smarter and write filters for the web sites that will block that user agent, execute DDoS attacks on the people who are doing this, or some other unsavory thing, if it becomes sustainable. Frankly, I have not been subject to that sort of attack yet, and I don't want it. This is like killing an elephant with a 30 megaton nuke, IMHO.

I've had 'users' try hitting my web server with interesting things. As not only the web master of my domain, but also the network admin, I'm saying that this is a bad idea, and that nothing good wil become of it. Spammers are already using bot networks, viruses, and DDoS attacks in order to continue thair practices. Why make it worse?

Re: Something kind of stinks to me.

[microchip.livejournal.com]

I agree with the legal aspect, but not just that - if an unsuspecting web host, who doesn't know that spam is going out from his server - I'm a web host myself, but thankfully haven't had any spammers yet - but as far as they know, they're server is being DDoS'd for no apparant reason. Whilst I agree that specifically known spam robot servers should be taken out by some method, where do you draw the line?

[sketchydave.livejournal.com]

I don't think there is going to be much of a legality issue as far as the end user is concernered. Has a person with an infected computer ever been punished when a virus turns their machine into a spam-box? Or when their machine is infected and is used for a DoS attack? Nope, they go after the people who made the program. So Lycos may be the ones to worry about legality issues.

As for the end iser the worst I can see happening is your ISP giving you a friendly cease and desist. The same if the computer was infected and spewing out boatloads of spam. Remove the program and welcome back to the internet.

[korenwolf.livejournal.com]

Users I catch with infected boxes get blocked until they've fixed their machine. I work for a business ISP, a moron dumping a shedload of spam on the outbounds pisses off all the other users so blocking them is both the right business decision and morally right (not often you see that combination :).

[sketchydave.livejournal.com]

Exactly, you block them until their machine is fixed. I used to work for an ISP before the bubble burst and we did the exact same thing.

So if your ISP catches you running the screensaver, thats probably the worst you can expect. And even thats extreme compared to the amount of data one of those SPAM boxes sends out. Since I downloaded the screensaver I've sent out a total of 1 MB, which is insignificant on my DSL line.

Still haven't heard back from my ISP yet as to if the program violates anything, but we'll wait and see.

[sketchydave.livejournal.com]

And the best thing about this is its the ADVERTISERS who are being targeted. They are telling you to come visit their site. Well, we are, just in a different way.

[tsutton.livejournal.com]

Have a read here (http://www.livejournal.com/community/livejournal_uk/2074699.html)

[sketchydave.livejournal.com]

Lots of good points in the thread that you listed and in this whole thread.

As far as ethics go, I really don't have a problem with running the screensaver. You are targeting the advertisers of spam mail. The sites that they want you to visit. You send up to 4 megabytes in 24 hours to several of these sites. Its not a flood by any means and I believe that we could achieve the same effect by manually going up and down a list and loading each site.

Its like if you got 5 telemarketers in a day. You speak to each for 15 minutes, but don't buy anything. The telemarketers have to pay for that airtime, which isn't much, but there is noreimbursement. One person doing that won't make much of a difference. But if 4 out of 5 callers do that, it makes a big difference.

I am going to run the screensaver for a few days. I certainly send out more than 4 MB of data in a given day. I would be sending out more if I was running SETI@Home so I seriously doubt that my ISP has a problem with it.

[sketchydave.livejournal.com]

Correction, I am making SURE that this screensaver does not violate my ISP's Terms of Service. I just emailed them for clarification. If it does, I will not run it. If it is acceptable, I will.

Of course that doesn't answer the ethical question, but at least it will clear up the TOS. I hate SPAM, but I'm not losing my connection over it!

[gnostalgia.livejournal.com]

Just take the list of site and post 'em to Slashdot claiming someone's built a Beowulf cluster with a wicked casemod and there's tons of pictures on the sites.

Problem solved!

[mav-antagonist.livejournal.com]

ahh the /. effect what a wonderful thing...

[jahbulon.livejournal.com]

Dude, its without further ado. "Without further adieu" means "without further farewell".

[bamatone.livejournal.com]

Haha, yes. I was wondering when someone would point that out.

[jahbulon.livejournal.com]

Its the little things

that shit me.

[korenwolf.livejournal.com]

Complete insanity, all it'll take is a joejob against a website for it to be ddos'd off the face of the planet. Certainly if I find that someone is running it on my network they'll be treated the same as any bot infected host or a willing participant in a DDoS. Abuse is abuse.

[sketchydave.livejournal.com]

Its definitley a razor fine line that Lycos is walking. Good article here involving some of the penal codes and such:

http://www.heise.de/english/newsticker/news/53697

And how do you stop a program that sends out so little data? It doesn't use any odd ports, I have them all blocked on my firewall. Windows firewall didn't sem to even notice it. Not that tat is saying much. EVERY internet application seems to send out more data than this program. The problem is that with so many people using it, thats where the damage is done.

And I agree, whats to stop Lycos from targeting their competitions websites? Very interesting...