Chongq and the Spam Vampires

by Brian McWilliams

As spam threatens to drown out civilized online conversation, many internet users are seized with a strong desire for revenge. Earlier this week, nearly 100,000 people downloaded a controversial anti-spam screensaver within a day of its release by Lycos Europe.

The Lycos Make Love, Not Spam program is not the first effort to drive up spammers' costs through bandwidth robbery. Last year, a site called Artists Against 419 unveiled a browser-based tool called Lad Vampire. It attempts to suck the lifeblood from spamvertized fraud sites through JavaScript that repeatedly loads a target site's graphics. In recent months, variations of the spam vampire technique have appeared elsewhere online. (One such site called its vampire implementation an "image rotator on steroids.")

The Lycos campaign may have put a groovy veneer on the spam vampire approach, but it nonetheless represents a serious escalation in the spam wars. Some internet users have accused the big online firm of fighting abuse with abuse and of stooping to the ethical standards of its opponents.

"A DDoS [distributed denial-of-service] attack is a DDoS attack," said Andrew Kirch, a security administrator for the Summit Open Source Development Group. "This isn't civil disobedience, and it isn't going to stop spam any time soon."

But one new technique shows that retaliatory anti-spam tools don't have to be morally degrading. Although it lacks the drama of the spam vampires and the ease-of-use of the Lycos anti-spam screensaver,, a new headquarters for combating blog and wiki spam, certainly takes the high ethical road.

Like more militant tools, the web site attempts to disrupt the economics of spamming. But it uses a sort of electronic jujitsu to defeat the spammers and search-engine optimization (SEO) consultants who litter blogs and wiki sites with their ads.

Related Reading

Spam Kings
The Real Story behind the High-Rolling Hucksters Pushing Porn, Pills, and %*@)# Enlargements
By Brian McWilliams

A little history helps explain the unique approach. Manni Heumann and "Joe C.," the operators of, coined the term "chongq" last April to refer to blog and wiki spam after having their favorite wiki repeatedly spammed by someone apparently in Chongqing, China. Like blog and wiki operators everywhere, they had been spending considerable time every day deleting and reporting spam. But Heumann and Joe C. eventually decided to beat the spammers at their own game.

According to Heumann, the goal of blog and wiki spammers is not to get free advertising on the victim sites. Instead, the spammers hope to parlay the popularity of the targeted blog or wiki to catapult their own commercial sites to the top of search engine results on a selected keyword. (Chongq often consists simply of a hyperlinked keyword.) attempts to usurp spammers' search-engine position through orchestrated, non-violent retaliation by popular blogs and wikis. By posting hyperlinks from the spammed terms to the site, blog and wiki operators can throw spammers to the mat. As the site proclaims to spammers, "All your page ranks are belong to us."

At present, the technique is very labor intensive. And has only managed to grab top search-engine rankings on a couple of keywords used by spammers. But that could change dramatically if more sites and wiki owners posted links to, said Heumann.

By contrast, spam vampire tools offer immediate and nearly irresistible retaliatory power. A trial run of one such program using a cable modem easily sucked down over 2 MB of bandwidth per minute from a couple of spammer sites. (Lycos says its Flash-based screensaver throttles individuals from using over 3 MB per day.) Since many hosting firms charge steep premiums when their customers exceed predetermined bandwidth quotas, such attacks can quickly hurt spammers in the pocketbook.

Spam vampires appear to have captured the attention of junk emailers. In September, a German spammer posted a plea in an online spam forum, seeking help against such attacks. According to the notice, anti-spammers have "set up a script that reloads all my pics from my hosted website every minute. This causes enormous traffic as everybody can imagine, and now I'm looking for fast help."

According to the unidentified operators of Artists Against 419, over 173 fake bank and other scam sites have been shut down using the site's image-loading technique coupled with a tag-team approach known as the Monthly FlashMob, in which groups of Lad Vampire users simultaneously target a spammer's site using the tool.

One independent analysis found that the Lycos screensaver drains bandwidth from target sites by sending repeated, malformed http requests. The legality of the program, as well as that of the spam vampires, has yet to be tested. To be sure, the screensaver is a blunt instrument in the fight against spam.

Calle Sjnell, creative director for Starring, the Swedish firm that created the "Make Love, Not Spam" campaign for Lycos, provided no insight into how targets were prioritized. According to Sjnell, the URLs of spam sites are chosen from "several SURBLs [spam URL realtime blocklists] including SpamCop" and manually checked by staff.

Yet, one target site highlighted on the anti-spam program's "Effects of the campaign" page wasn't listed on any blacklists, according to a popular checker.

The target,, quickly received over 17 Gb of traffic generated by the Lycos screensaver, according to the program's home page. (A screen grab is here.) Nikolai Siren, webmaster of, which offers paintings of Ukrainian artist Alvi Siren, said he has never directly advertised the site via spam. Furthermore, he claimed Lycos has not responded to his requests to be removed from its list of target sites.

(Sjnell declined to provide a roster of the sites targeted by the Lycos anti-spam screen saver, citing "security reasons." However, an XML file containing the updated list was accessible at the following URL:

The openness of wikis and blogs--most allow any visitor to post messages without registering--makes them a prime target for spammers. But Heumann says users shouldn't simply resign themselves to an online life filled with chongq.

"If I don't close the door to my garden, do I find huge ads posted on my house the next morning?" he asks. "With just a little netiquette, the internet is a better place. And we are trying to enforce a little netiquette (and give people a chance to retaliate)," said Heumann.

This week, at least two spammers targeted by the Lycos screensaver cleverly configured their DNS servers to send all traffic back to the site. (Lycos suspended the anti-spam service Thursday, although its reasons were unknown.) So far, has faced no such retaliation from spammers. A few have posted what Heumann called "childish tantrums," while one spammer wrote to explain that he'd leave any wiki alone after being allowed to post five keywords links.

Joe C. said that's an unacceptable proposition.

"The purpose of the wiki is to share information, not to help some pathetic wannabe SEO company boost their page rank. If every wiki spammer in the world promised to only put five links on a wiki, it would still leave wikis full of garbage and unusable," said Joe C.

Still, many internet users believe that the only way to defeat spam is by hitting back at the spammers. William Keeley, the author of Spam Fryer, a Java-based, vampire-like applet, rejected what he called the "useless flutter" from people concerned about the ethics of such programs.

"Using purely defensive means has not worked. It is like someone throwing punches at you and all you do is hold your arms over your face to fend off the blows," said Keeley.

Clearly, many internet users aren't satisfied with striking a truce with spammers. As the "Make Love, Not Spam" campaign, as well as and the spam vampires demonstrate, desperation is the mother of spam-fighting invention.

Brian McWilliams is the author of Spam Kings and is an investigative journalist who has covered business and technology for web magazines including Wired News and Salon, as well as the Washington Post and PC World, Computerworld, and Inc. magazines.

Return to the O'Reilly Network.