The 419-related banking sites differ from “phishing” scams in several aspects. While phishing sites impersonate a trusted financial brand, the sites targeted by anti-419 activists typically fabricate an institution to support the scam. These sites can remain online for extended periods of time, while the average life of a phishing scam at a hosting company has been estimated at 54 hours.

Stats compiled by Artists Against 419 indicate that requests by Mugu Marauder’s 2,500 users have called 690 million image files totalling 7.5 terabytes of data in three weeks time.

Mugu Marauder has been compared to the MakeLoveNotSpam anti-spam campaign by Lycos Europe, which was discontinued amid controversy after it was blocked by Internet backbone operators. Artists Against 419 say the Mugu Marauder’s activity isn’t a denial of service because it aims to “leech” a site’s bandwidth over time, rather than overwhelm it with simultaneous traffic. The software is programmed to pause requests to a target site when it receives any failed responses.

“The websites targeted by the Mugu Marauder are well established fraudulent sites that are resilient to all other attempts to have them shut down,” according to an FAQ from Artists Against 419. “Every one of these targets are targets which are resilient to any sort of legal enforcement. Many are outside the jurisdiction of reasonable legal action.”

Such distinctions are unlikely to impress network operators and ISPs, whose terms of service usually prohibit any activity that degrades the performance of other sites or networks.