Four Sites Targeted by Mugu Marauder Now Offline

At least four sites targeted by Artists Against 419 and its Mugu Marauder screensaver are now offline, although some target sites remain available. The Mugu Marauder is designed to exhaust bandwidth allotments for financial scam sites with repeated image requests.

Artists Against 419 targets web sites it has connected with advance fee (419) scams involving international money transfers. The group uses web applications and organized "flashmobs" of web users to target sites that remain online after hosting firms and law enforcement have been contacted.

When the Mugu Marauder was launched on Feb. 7, Netcraft began monitoring five sites on the list of target URLs published by Artists Against 419. Four of the five are now offline, with crownsecuritiesandfinance.com (removed from DNS) and www.firstglobaltrust.com (account terminated by web host) shutting down within days. Three sites housed at Chinese hosts lasted longer. Abbeytrustonline.com and bancoplatinum-online.com, housed at fz.fj.cn, became inaccessible last week. Swissroyallbank.com remains available on the Fujian Province Network, and continues on the Muru Marauder target list.

Abbey Trust web site performance
Swiss Royall Bank site performance

The 419-related banking sites differ from "phishing" scams in several aspects. While phishing sites impersonate a trusted financial brand, the sites targeted by anti-419 activists typically fabricate an institution to support the scam. These sites can remain online for extended periods of time, while the average life of a phishing scam at a hosting company has been estimated at 54 hours.

Stats compiled by Artists Against 419 indicate that requests by Mugu Marauder's 2,500 users have called 690 million image files totalling 7.5 terabytes of data in three weeks time.

Mugu Marauder has been compared to the MakeLoveNotSpam anti-spam campaign by Lycos Europe, which was discontinued amid controversy after it was blocked by Internet backbone operators. Artists Against 419 say the Mugu Marauder's activity isn't a denial of service because it aims to "leech" a site's bandwidth over time, rather than overwhelm it with simultaneous traffic. The software is programmed to pause requests to a target site when it receives any failed responses.

"The websites targeted by the Mugu Marauder are well established fraudulent sites that are resilient to all other attempts to have them shut down," according to an FAQ from Artists Against 419. "Every one of these targets are targets which are resilient to any sort of legal enforcement. Many are outside the jurisdiction of reasonable legal action."

Such distinctions are unlikely to impress network operators and ISPs, whose terms of service usually prohibit any activity that degrades the performance of other sites or networks.