News Stay informed about the latest enterprise technology news and product updates.

Security Bytes: Retaliation for Lycos' spam assault

In other news, Microsoft sues more spammers while phish schemes go after Google and Kazaa meets its match in court.

Spammers strike back at Lycos
Someone has apparently struck back at Lycos for putting out a spam-attacking screensaver. reported Thursday that spammers were suspected of hacking into and downing Lycos's antispam Web site just hours after it went live. The Web site was inaccessible Wednesday because of a suspected distributed denial-of-service attack. Lycos launched its "Make Love, Not Spam" campaign Tuesday by offering users a screensaver that launches distributed denial-of-service attacks on spammers' Web sites. The company said the screensaver uses the idle processing power of a computer to slow down the response times from those sites. Within hours of the site being launched, reported that the original front page was replaced with a simple message: "Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action." Lycos Europe spokesman Kay Oberbeck said Tuesday the goal of its new screensaver is to "show the owners of such spam Web sites that there is massive interest of thousands of users who are not willing to just give up against more and more spam each day." Oberbeck acknowledged the risk of going after a legitimate site that has been hijacked by a spam-spewing site. "You have to be careful and that is what we are doing," he said. He said Lycos takes care not to crash spam servers altogether, respecting at least some of their bandwidth. "They will never go down below 5% bandwidth. Never."

Microsoft sues alleged CAN-SPAM violators
Microsoft is suing seven people for allegedly violating the CAN-SPAM law. The seven lawsuits were filed Wednesday in Washington State Superior Court against "John Doe" defendants who weren't identified, the software giant said in a statement. The lawsuits allege they violated CAN-SPAM and Washington state's Commercial Electronic Mail Act, which forbids using compromised computers around the world to route spam e-mail messages, using misleading subject lines and failing to include an unsubscribe option and physical address. Collectively, the defendants are accused of sending hundreds of thousands of e-mail messages to people using "zombie" PCs. "Sexually explicit materials and publications for sale in stores are required by law to be covered from view with a brown paper wrapper, and it's important that consumers are protected online in the same way," said Nancy Anderson, vice president and deputy general counsel at Microsoft. The federal CAN-SPAM law requires that a mark or notice be included in all spam containing sexual material.

Phishing traps litter Google, other search engines
They look like legitimate e-commerce Web sites, but they're really phishing traps. Deerfield Beach, Fla.-based security firm CyberGuard warns that phishers are setting up the fraudulent sites and waiting for users surfing Google and other search engines to find them. Phishers typically lure victims to malicious Web sites by sending official-looking e-mails that appear to be from reputable companies asking users to verify their user names and passwords. Many are now setting up legitimate looking e-commerce sites that hide links to malware as pictures of goods on sale, CyberGuard told CNET Paul Henry, a senior vice president at CyberGuard, said instead of linking to pictures of the advertised product, the links point to a self-extracting .zip file that installs a Trojan horse on the victim's computer. The program could then steal personal and financial information. "If it looks too good to be true, it probably is. Don't let the Grinch steal your Christmas," Henry said. New York-based MessageLabs has warned of a new phishing method that doesn't require the user to open an e-mail attachment or click a link. The company said it had discovered some malicious e-mails that, when viewed, could run a script that manipulated certain files on the victim's computer. The next time that computer attempted to log on to a legitimate banking site it would automatically be redirected to a fraudulent Web site.

New developments in Kazaa trial
Overriding severe objections from Sharman Networks, an Australian judge allowed an antipiracy company to testify at the trial against the owners of peer-to-peer software Kazaa, CNET reported Thursday. Tom Mizzone, vice president of data services at New York-based MediaSentry, told the Sydney court his company is able to identify Australian users of Kazaa software by tracking the IP address. He said the IP addresses allocated for Internet service providers in Australia can be traced through the "scanners" his company uses to track down sound recordings and user information within the Kazaa system. He added that MediaSentry is also able to detect the copyright-infringing music files made available for download in the Kazaa system's shared folders. Mizzone told the court his company is doing what any ordinary user of the Kazaa system is able to do. Aside from detecting files, he said, they can also communicate with the users using instant messaging.

Mizzone's statement is critical to the music industry's claim that Sharman Networks can use the Kazaa software to identify people who are downloading copyright-infringing materials and communicate with them at the same time, CNET reported. Sharman Networks and other respondents in the trial have maintained they can't control what Kazaa users do with the software and that past trials of filtering have failed. Major record labels Universal Music Australia, EMI, Sony/BMG, Warner, Festival Mushroom and 25 additional applicants are suing Sharman Networks and associated parties --including Brilliant Digital Entertainment, Altnet, Sharman CEO Nikki Hemming and others -- over alleged music copyright infringement made through the Kazaa software. Also Thursday, Federal Court Justice Murray Wilcox dumped the majority of the respondents' affidavits for the civil trial, saying they are not relevant to the case about copyright infringement.

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.