Spamming the spammers: good idea or just misguided vigilantism?

There’s been a lot of talk recently about the screensaver Lycos made available earlier this week, which is designed to fight back at spammers. The screensaver, called ‘Make Love Not Spam’, responds to spam by sending a request to view the spam source site: where lots of such requests are sent simultaneously [that is, in response to spam], the source site slows down. The idea is to increase the costs incurred by spammers so that it’s no longer profitable to distribute spam.

Nobody likes spam, of course, except those who make money from it. But this approach raises some serious questions.

  1. How does this differ, in principle, from a DDoS [Distributed Denial of Service] attack? Surely the same practice is being used, even if no site is actually taken down.
  2. What if the traffic generated does take down a site by mistake?
  3. What if the ‘slow down’ targets the wrong site by mistake?
  4. What about the traffic generated by the screensaver? While individual users may chose to run the screensaver, a system administrator might be less than happy about corporate bandwidth being used for this purpose.

The bottom line, for us, is that while we’d like to see spammers stopped, the end does not justify the means.

Spamming the spammers: good idea or just misguided vigilantism?

Your email address will not be published. Required fields are marked *



The leap of a Cycldek-related threat actor

The investigation described in this article started with one such file which caught our attention due to the various improvements it brought to this well-known infection vector.

Lazarus targets defense industry with ThreatNeedle

In mid-2020, we realized that Lazarus was launching attacks on the defense industry using the ThreatNeedle cluster, an advanced malware cluster of Manuscrypt (a.k.a. NukeSped). While investigating this activity, we were able to observe the complete life cycle of an attack, uncovering more technical details and links to the group’s other campaigns.

Sunburst backdoor – code overlaps with Kazuar

While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years.

Subscribe to our weekly e-mails

The hottest research right in your inbox