News reports have described Lycos Europe’s effort as “the first time the principle of distributed computing, which harnesses the power of computers while they are idle, has been employed against antisocial behaviour online.” The ethics and wisdom of vigilante DDoS attacks was widely debated earlier this year when Internet security firm Symbiot introduced a product that can launch “counterstrikes” against DDoS perpetrators.
Lycos Europe’s approach has been cheered by some Internet users fed up with spammers’ abuse of their mailbox and connectivity. The UK-based firm appears to be relying on the likelihood that the renegade sites being targeted are unlikely to use legitimate channels (such as ISP abuse departments) to report attackers. No Internet service providers have yet indicated that they will take action against subscribers participating in the attacks.
Lycos Europe says it expects to become the target of DDoS attacks from spammers, who often control botnets of compromised computers that can be used in DDoS attacks as well as spam delivery.
Lycos Europe said the reports of a site defacement were a hoax by spammers. Sites that download software are attractive targets for hackers, offering the ability to distribute malicious code that can be used to seize control of computers for use in botnets. Hackers were recently able to compromise the download server for the PostNuke content management system, redirecting users to malicious code for more a day. Open source projects Gentoo Linux, Debian Linux and CVS have also been compromised, but in each case the intruders were unable to access areas of the server housing download packages.
But Lycos Europe’s initiative already appears to have the attention of spammers and hackers, who have demonstrated their resourcefulness and interest in distributed computing with the MyDoom DDoS attacks and last week’s deployment of malware through banner ad networks.