Web portal Lycos Europe launched its Make Love Not Spam screensaver on Wednesday, encouraging irritated internet users to get their own back by sharing computer power in order to increase the costs incurred by spammers.
Like the most famous example of small-scale grid computing, the SETI@home project, the screensaver was designed to allow users to donate their computer's idle processing power to the campaign.
However, the Lycos Europe screensaver seems to have generated so much traffic that, according to reports, some spam sites have been knocked out. If true, it suggests that the screensaver has become a distributed denial of service (DoS) attack. But Lycos Europe has vigorously denied that it intended to launch DoS attacks.
"I have to be very clear that it's not a denial-of-service attack," Malte Pollmann, director of communication services for Lycos Europe, told ZDNet UK. "We slow the remaining bandwidth to 5%. It wouldn't be in our interests to [carry out DoS attacks]. It is to increase the cost of spamming. We have an interest to make this, economically, not more attractive."
DoS attacks are a grey area of law in the UK. The country's main cybercrime legislation, the Computer Misuse Act of 1990, was drafted at a time before the World Wide Web existed. A possible loophole exists because the Act expects the criminal activity to have involved access to or modification of material. With a DoS attack it can be argued that there is no such access.
However, in England, it is possible that such an attack could also constitute an offence under the Criminal Damage Act. In Scotland, it could potentially be prosecuted as malicious mischief.
In June this year, the UK's All Party Parliamentary Internet Group (APIG) recommended that the law be extended to clearly cover DoS attacks.
The Lycos Europe campaign has also been criticised by internet security firms as inviting a response from hackers. Indeed, according to some reports, the site has already been hacked, with some users linking to the site only to find a message saying:
"Yes, attacking spammers is wrong. You know this, you shouldn't be doing it. Your IP address and request have been logged and will be reported to your ISP for further action."
Lycos has denied that a hack attack took place, but, at the time of writing, the makelovenotspam.com site offered only a holding page, and links to the site from Lycos Europe appear to have been removed.