Mugu Marauder: Windows Users Asked to Target Nigerian 419 Scammers – Don’t Do It!

The Internet Patrol default featured image
Share the knowledge

A group calling themselves “Artists Against 419” are asking Windows users to take part in their Mugu Marauder “art” project and take down the scam sites hosted by so-called “419 scammers”.

The “Mugu” in “Mugu Marauder” apparently is the term which the 419 scammers themselves use for an intended victim target.

The term “419” refers to the section number of the Nigerian penal code which makes the scam illegal.

You know the type of scam I mean – it always starts out with some version of “Greetings – I am Mariam Abacha, wife of the late General Sani Abacha…“, and promises to make you wildly rich if only you can help her to smuggle out the fortunes squirreled away by her late husband.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link


Artists Against 419’s “project” works like this. You install the Windows software they have developed for you, which provides you with the coordinates of certain images to display on your website. Each image is actually an image currently being displayed on the websites of the 419 scammers. In other words, you are linking to their image as the source for the image on your website.

This means that the 419 scammer is ‘hosting’ the image you are displaying on your website, which in turn means that every time someone views that image on your website, the 419 scammer is the one providing the bandwidth. The theory goes that if enough users are participating in the “project”, the scammer’s site will not be able to keep up with the bandwidth demand, and the scammer’s site will go down (they claim to already have over 1300 “artists”).

An interesting theory. However, like the spectacularly stupid media stunt pulled by Lycos with their “Make Love Not Spam” screensaver program – which created a Seti-like network of Windows machines which were essentially DOSing the machines of spammers – Mugu Marauder is a Really Bad Idea.

Their FAQ starts off with:

Question: “Aren’t you fighting abuse with abuse?”
Answer: “It’s art! Sometimes art hurts, but there are no civil casualties in this battle.”

Indeed, the Mugu Marauder site says “To display images on this page we use and damage the bandwidth of the following criminal fake bank websites…”

“use and damage”.

For some reason the creators of this Mugu Marauder, the Artists Against 419, don’t think that this constitutes a DOS attack, or any other sort of illegal activity. Apparently, it turns out, these “artists” think that two wrongs do make a right, and also apparently believe that by calling it “art” their activities will be protected.

Think again.

Someone has to pay for this bandwidth. Are you really stealing from the 419ers themselves (as if that would make it ok), or from innocent third parties who don’t even realize they have a scammer in their midsts?

If you think that this is somehow a legally safe activity, let me put it this way for you: try telling it to the judge.

At the very top of their site, the Mugu Marauders say that it is, and I quote: “100% risk free”

The only thing 100% about it is that it is 100% a Really Bad Idea.

Don’t do it.

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link


Share the knowledge

19 thoughts on “Mugu Marauder: Windows Users Asked to Target Nigerian 419 Scammers – Don’t Do It!

  1. Let’s put the actual legality aside for a minute and ask another question: is a member of aa419 ever going to actually have to “tell that to the judge?” It seems as though the police don’t even have the resources or time to go shut down the 419 scammers and fake banks, so I find it quite improbable that some online Vigilantes (who, let’s face it, are going after the criminals) are ever likely to have the SWAT team show up at their house ready to lock them up and throw away the key. If you were to visit, you’d encounter a few thousand people who like to go and threaten the scammers, waste their time, and even scam the scammers back (this has been done). Virtually none of these “scam-baiters” has ever found themselves in any sort of legal trouble, even if what they have done could be considered illegal, and it is posted online on a site frequented by thousands of individuals.

    The legality of taking on the scammers has been discussed there before, quite a few times. (Here is one instance of it occuring:

    When one member asked a policeman here in Australia about the chances of a baiter being prosecuted if a scammer complained, he basially said “no difference to a drug dealer being sold fake drugs…would be laughed out of the police station if he even tried”, to quote a member there. Whilst we obviously can’t take it as professional legal advice, and it isn’t technically the same thing as aa419 is involved in, I’d be prepared to bet that the situation would be very similar. I seriously doubt that any scammers operating these fake banks have ever complained (as they would have to answer some very embarassing questions about being 419 scammers), and I would be extremely surprised if the police really wanted to do anytihng about it.

    As far as I know, nobody involved in fighting fake banks with aa419 has ever wound up in any actual legal trouble for doing what they do, and I somehow doubt that law enforcement bodies are about to shut them down any time soon.

    (Note: I am neither a cop nor a lawyer, and none of this is real legal advice, just a series of observations)

  2. The only thing necessary for the triumph of evil is for good men to do nothing.

  3. The person that wrote the artical “Windows users asked to target nigerian 419 scammers dont do it” is an idiot and does not know what a DOS attack is. The idea mentioned by aa419 is no different than normal high access to a site. It is not hitting the site with rubbish attacks like a DOS atack. Read all the info on aa419 moron.

  4. I am fairly sure that this will not be a popular comment, but is there no distinction between what is “legal” and what is “right”?

    What the flashmobbers are doing may be technically on the wrong side of American law but I still approve. It is not done out of malice or for profit, but for a sense of mischevious benevolence. If it does take hundreds of participants to be effective, and given that there is virtually no chance of any of the owners of these sites bringing a complaint to the US authorities, then the flashmobbers are pretty safe from prosecution.

    Perhaps its American law that needs to catch up?

  5. Yep, The whiners all say to “call the internet police.” Well, the truth is that the hosters (Not ISP’s) have been unresponsive to calls to shut down the scammers. We do not have to take these predators preying on the vulnerabilities of internet noobies, the elderly, and the very young (The most lilely victims) Same fools that will die waiting for the police instead of taking out the punk breaking in the house!!!

  6. Based on Aunty’s pointless accusations of aa419 advocating/committing/orchestrating a criminal act, specifically a DDoS attack, during their regular flashmob events, some of you got hooked pretty well and apparently decided to ignore the facts. As usual on the internet, the facts are just a few clicks away. They are here: and here:

    If you care to read the above sources from aa419, you will hopefully understand why the Mugu Marauder does not constitute anything close to a DDoS attack. To put it short, aa419 flashmobs are bandwidth hogging instead of “overwhelming a system”. The idea and the corresponding implementation do not target the host or the hoster, they do not intend to and do not actually disrupt services, overload servers and such. Quite the contrary is true. As soon as the targeted fraudulent site goes down, the load stops immediately. The targeted (fraudulent, illegal) site goes down as soon as the purchased monthly bandwidth will be exceeded or when the hoster, who was previously notified at least twice and who ignored the complaints, eventually decides to take it down, respectively.

  7. Linking to an image on someone elses web site is going to land someone in jail? W T F there are millions of criminals who use HTML capable bulletin boards who are going to the joint. Let’s get real.

  8. Aunty, You are unclear on the concept of WAR. Yes, this is a war, and
    if this “society” doesn’t wake up, it will collapse. Wake up !!!!!

  9. That’s a very narrow definition of DDoS. A denial-of-service attack is simply a deliberate attempt to overwhelm a system by sending repeated requests. A distributed denial of service attack is a coordinated DoS from multiple systems. The protocol isn’t important, it’s the intent to overload. (This is why being slashdotted isn’t really a DDOS — the intention is to share or read an article/story/etc., not to take down the target’s site.)

    If the intent of the project is to take down websites by overloading them with traffic, well, I’d say that constitutes a denial-of-service attack. Even if not, someone on the “dark side” (if you’ll excuse the pun) could easily argue the point and file charges or a civil lawsuit.

    If DOSing the bad guys is legal in your jurisdiction, that’s great. DOS away. But it’s not legal here, and cases like Charles Booher (arrested for making death threats to a spammer, later killed himself) make it clear that even with spammer, breaking the law to stop them is risky. Some people are willing to take the risk. Others are not.

    The big mistake, of course, is assuming there’s only one solution to the problem.

  10. It’s sort of like watching the movie Death Wish- you hope he gets his revenge and takes a bite out of crime, but at the same time you know he’s also breaking the law. Unless these spam sites have notices stating that it’s illegal to use their content via direct links, AND the material being linked to is in fact their own intellectual property and not public domain, then there is no legal issue with what they are doing.

    They are broadcasting their “services” to the Internet the way a radio might play in a public space. If I walk up and start babbling to where nobody else can hear that radio, does the advertiser have a legal right to pursue me? I don’t think they would based on my layman understanding. But they paid to get their message out, just like paying for ISP bandwidth. If I linked to a pic and then had a web page refresh constantly, I am acting in a way consistent with a DoS attack though, and there is legal precedence regarding that. But if I don’t refresh so much as to be singly responsible for the act, but rather am 1 of thousands visiting the resources on their system, that should not be illegal. If thousands of people walk into a coffee shop to look at the menu, with the intent of not buying something but just to look, what could the shop do?

    At best this is a grey area, at worst the spammers could log requests and target those machines. Or if they had half a brain, they could make simple changes to their sites that prevented remote linking.

  11. Well, it is *not* a DDoS attack, if that´s what all you jolly-do-gooders refer to, it is repeatedly downloading images from websites, which causes the websites to either be deactivated for exceeding their allowed bandwidth or the criminals that set them up to be charged huge sums for all the traffic that we cause. Both will hurt them. That´s our goal. Nothing more and nothing less.
    I don´t think that http requests – even though repeatedly by *many* people – are to be construed as illegal activity. We do not aim to attack the servers of particular hosting companies to cause a general denial of service, we target single websites, that have been set up with the sole purpose of defrauding people.
    If you stigmatize us as vigilantes, well, fine. I can live with that.
    Some people are great at talking, others act.


  12. I didn’t see any attacks – I saw a recommendation to not participate in what is likely to be construed as illegal activity, if it is ever examined closely. When ISPs are ineffective, there are police agencies to contact.

    Vigilanteism is fun and satisfying, but it’s not a viable solution in the long run.

    Meanwhile, I’m sure it feels good to have an effect, albeit momentary, on the purveyors of spam and evil that are the 419’ers. Good luck.

  13. Linking to images on a web site is a “grey area” I won’t debate at the moment. But all you people knocking the idea just think, “What have you done to fight against spam, 419 attacks, …” I’m not talking about protecting your own PC (although that is a good idea), I’m talking about making the net a safer place for everyone. Some people aren’t as informed and get caught by these “tricks”. To some of these people that money they lose if all there savings. I’m not saying you should or shouldn’t support this method of fighting the problem, just don’t attack the people that are doing something if you can’t come up with a better idea to end the problem. In the end it will have an effect on YOU in some way.

  14. “(Geez. Another completely uninformed comment from a know-all. Let me explain it to you, ok?) – Lord Vader”
    Talk about calling the kettle black. Seems the great “Lord” can’t read and comprehend at the same time. I’m with Auntie, I don’t like the spamming, phishing, fruad, etc, either. But two wrongs doesn’t make it right. What “might” be legal in Africa does NOT make it so in the USA.

  15. If it don’t take out innocent peoples internet connections, I say “go for it”, it’s about time someone took care of these weenies! But I’m pretty sure that if your knocking out an entire ISP, there are others that use the system besides scammers, spammers and other crooks.

    It’s just too bad our government can’t have these fake sites blocked so no one in the U.S. can send/receive to these sites. Wouldn’t that be proactive against fighting crime? Then again, some liberal #[email protected]%$# would cry “foul” because they aren’t guilty of a crime until caught…..

  16. I tend to agree with Aunty’s reponse. It is not a question of effectiveness of a certain action. (Killing a person is also effective), it is a quesiton of legal, moral, ethical and long term effectiveness.

  17. Geez. Another completely uninformed comment from a know-all. Let me explain it to you, ok?
    1. We identify fraudulent websites and they are posted into the “Fake Bank” forum on, where a very professional group of people use various means to confirm that the websites in question really are fakes and fraudulent.
    2. We then write a complaint mail to the company hosting the fraudulent website in question, including every indication and proof of why the website in question is fake and used to defraud people.
    3. If the hosting company does not react, we write at least one more complaint mail. Usually there will be at least 2 weeks to a month between the first abuse note is sent and us starting to target the site in question.
    4. We include the site in our list of targets.
    You know, I find it really interesting that you claim to be fighting spam, yet all you seem to be able to do is whinge about it.
    We are taking a proactive stance. If you would have looked closely at what the motto of this 419 FlashMob by the Artists was, you would have seen that our main targets were all on th Spam Heaven servers with chinese hosts. The ones that most spam originates from nowadays and you know full well that these hosters have exactly one person taking care of the “[email protected]” mailbox and their job is to move the content of the inbox to /dev/null.

    “Somebody has to pay for the Bandwidth”.
    Correct. The hosters and the scammers. We never attack a website without informing the hoster at least TWICE, so the claim that they host criminals unknowingly is invalid. As a matter of fact, many hosters are now taking a proactive stance as well and cooperate with us to identify and shut down fraudulent websites, which is to be credited to the aggressive approach we have taken from the beginning.
    I will tell you who it will be that´s paying the bill if we don´t. You and I. Because the social welfare that will have to be paid to the victims of these frauds will come from our pockets. And don´t say that´s far fetched. Nigerian 419 scams are a multiple hundred million dollar per annum business. While they might not be stealing from you directly, the economic damage DOES affect you, too.
    What we do has saved many people a lot of money. We are contacted by dozens of people a day asking questions about fraud, seeking advice, which we gladly give.
    So you can continue to debate and whine about the problem, but you are not going to change a thing.
    We have decided that we are not going to take it. If nobody does anything for us, then we are going to do it ourselves.
    What you advised people “not to do” has killed off 5 fake banks in the past 24 hours and still continues to kill them off. We have the largest database of fraudulent websites in the world and our combined efforts have killed off hundreds of them so far. So please try to inform yourself better, before making yourself judge over something you don´t fully understand.

    “Lord Vader”

    for and on Behalf of
    an Initiative of the SAPS
    South African Police Services

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.