“At the point of time of your measurement, December 1st 2004, all the 3 sites you measured were not on the target list of the screensaver activity,” Pollmann said in an email to Netcraft. “The information you took from the website of makelovenotspam.com was merely historic reports and all the 3 Domains were targeted only between October 20th and November 9th, 2004. The 2 sites not responding in your measurement were most probably moved or shut down after.” A screenshot of Lycos’ initial description of its target sites can be seen here.
The screensaver download was pulled from the Web Thursday after more than 110,000 copies had been downloaded.
Meanwhile, an explanation has emerged for persistent reports that the MakeLoveNotSpam site was defaced by hackers, a contention denied by Lycos. The “defacement” appears to have been a message posted by MCI and presented to users of its network that tried to access the site. The message, reported by many users, warned that “attacking spammers is wrong. You know this, you shouldn’t be doing it.” An MCI spokesperson acknowledged seeing the message while trying to access MakeLoveNotSpam from the MCI network.
That explanation suggests that Internet backbone providers began blocking requests for MakeLoveNotSpam – a practice known as “blackholing” – as early as Nov. 30, several days before the practice became widely known.
Lycos Europe advertised MakeLoveNotSpam as a “screensaver that spams the spammers,” using idle computer time to attack sites that have been blacklisted for abusive spamming practices. The campaign, designed to appeal to e-mail users fed up with spam, was widely criticized by the Internet security community, and the site was blocked by many major connectivity providers.
Pollmann said all traffic generated by the screensaver will be halted by the end of the campaign, and challenged descriptions of the campaign as a denial of service attack. “Contrary to some reports, the service never launched a ‘distributed denial of service attack,'” Pollmann said. “Rather, a centralized database ensured all known spammers’ sites were left with at least 5% of bandwidth. The idea was simply to slow spammers’ sites and this was achieved by the campaign.”