Lycos kills off its anti-spam zombies

The controversial attempt to attack spammers by bombarding their websites with traffic from thousands of individual PCs is over.

After a week of heavy criticism of the company's plan to launch denial-of-service-like attacks on spammers, Lycos has thrown in the towel, lashing out at the media and internet monitoring company NetCraft.

In a statement from the company said: "We are astonished by the enormous resonance generated by the "Make Love No Spam" campaign. With this campaign we intended to raise a new impulse in the anti-spam discussion and therefore create awareness for the big economic and societal problems caused by spam. The campaign has reached its goal and thus will be stopped."

The company forcefully denied both that it had launched any denial-of-service attacks on spammers, and that it took two Chinese websites offline.

The statement continued: "In opposition to media reports to the contrary. we did not attempt any denial-of-service. We forcefully rebut a report by Netcraft referring to two spam servers having been disabled by our screensaver. At the point of time of the Netcraft measurement on December 1st, 2004, both spam servers were not on the target list of the screensaver. Also, the screensaver's website has not been hacked as reported by F-Secure. This has been acknowledged by F-Secure itself."

This decision comes just a week after "Make Love Not Spam" was launched. The tool was taken offline last Friday, but at the time Lycos claimed that the tool would soon be back online.

"Things have changed," said a UK spokesman on Monday. He said that Lycos had reviewed "Make Love Not Spam" before deciding not to bring it back.

Lycos won huge amounts of publicity from its anti-spam tool, but also attracted a storm of criticism from experts claiming the scheme was poorly thought out, and a bad idea overall.

Although the campaign was short lived, legal experts believe that the plan highlighted holes in UK laws. Earlier this year, the All Party Internet Group (APIG) recommended that parliament made it an offence to impair access to data as part of an upheaval of the Computer Misuse Act (1990). But as it stands companies may have trouble in prosecuting anyone who starts DDoS attacks.

"The Lycos thing has shown a lack of ability [in the law] to prosecute for denial-of-service attacks," said Mark Smith, solicitor for Olswang. "You would struggle under current laws to bring a case against someone. The problem is that DDoS attacks cross jurisdictions."

Dan Ilett and Graeme Wearden write for ZDNet UK.