Lycos' anti-spam screensaver draws fire

A screensaver developed by Lycos Europe that gives spammers a dose of their own medicine is attracting plenty of attention, but not all of it good.

The company officially launched the "Make Love, Not Spam" screensaver Wednesday but a beta version had already been widely distributed. Offering to "spam the spammers," the screensaver works by repeatedly requesting information from Web sites advertised in spam, thereby reducing the performance of those sites.

Reports began to surface earlier this week that the Web site containing the "Make Love, Not Spam" download had been hacked, with users receiving a message reading "Yes, attacking spammers is wrong, you know this, you shouldn't be doing it. Your ip address and request has been logged and will be reported to your ISP for further action."

A Lycos Europe spokeswoman said Wednesday that the site had "absolutely not been hacked," however. The company was victim of a hoax, she said, and someone mocked up a screen shot of the hacked site and forwarded it via e-mail.

Although the site was inaccessible to some users Tuesday and Wednesday, the spokeswoman said that this was due to "overwhelming demand" and that the company was working to rectify the situation. The screensaver has already been downloaded over 90,000 times, the spokeswoman said.

She added that the company is "well aware that it is a controversial service" and measures have been taken to defend it.

Even if the company is not currently under attack, a security expert said that Lycos Europe opened a potential Pandora's Box by deciding to take direct action against the spammers.

"This seems like a very shortsighted idea of theirs, lowering themselves to the same level as the hackers and spammers," said Graham Cluley, senior technology consultant at Sophos.

There is the real danger that Lycos Europe has made itself a target for hackers, and what's more the company could be treading into a gray legal area, Cluley said.

Although the screensaver does not send spam, violating anti-spam laws, it could potentially violate rules against launching a denial of service attack, he said.

But Lycos Europe claims that it does not intend to actually take down the spammers' sites, just deteriorate their performance. The company is using a central database to manage the sites the screensavers are attacking and regularly takes sites out of the attack cycle to make sure that they are not entirely brought down, it said.

That aside, Cluley advised users not to use the screensaver, which could eat up company bandwidth and possibly incite the ire of hackers.

"My advice is to get a decent spam filter, and for God's sake, stop buying things advertised in spam," he said.