Website Monitoring Blog

Spammers have evolved to perpetrate some pretty complicated schemes to get their wares (and warez) to large audiences. Recently they’ve shown sophistication beyond simple mailings by breaking CAPTCHA codes, enlisting decoy social networking sites and blogs, and even some search engine optimization.

It’s a tangled web, the intricate knitting started with exploiting CAPTCHA (Completely Automated Public Turing Test to tell Computers and Humans Apart-in case you never knew) vulnerabilities to set up email accounts, which are required to set up blogs and/or profiles on social networks with enough traffic and clout to pop up in the search results.

Google’s Blogspot has been a popular target for splogs (spam blogs) because of the cost-free simplicity of setting one up. MessageLabs Intelligence’s latest report shows Blogspot is still a popular target, as is social networking site Bebo.

The first specific example given by MessageLabs involves MobileMe (formerly mac.com) and Blogspot. The mac.com email address-jxfkjxfosb-seems obviously machine generated, and the addressor’s name is as random. It doesn’t take security experts to know an email form jersey cow ribbons, shadow assimilate, is likely a fake, especially if the subject line is about “Che*-pest meds we have.”

Along with the email is a link to a Blogspot blog, and once followed leads to what appears to be a real blog lame enough to be titled “My Blog,” but with an actually cogent post (weirdly dated and supplemented with Japanese script). But after a few seconds the visitor is redirected United Pharmacy, the “#1 Internet Online Drugstore” site, as opposed to the “Best Outside Not Inside Drugstore” or the “#1 Large Big Feline Cat Shop Store.”

Being able to automate email address creation also makes it easier to set up accounts around the Web. MessageLabs searched on Google for “Cialis,” and in the top three search results was a spam profile set up on Bebo. We weren’t able to reproduce, perhaps because Google caught on. On page 4 for the same term on the American site, we did find a result linking to gaming site Kongregate. Cialis says announces on (his?) profile “Enough to seek Cialis!” indicating, we think, you can stop looking now.

Point is, this is all a bit higher level than traditional spamming: CAPTCHA breaking, automated account/content creation, interlinked media and search placement. Think how well these folks’d do if they did legitimate work. It also makes it trickier to deal with. Things can look legit but aren’t, so the standard advice still goes: don’t follow strangers around on the Internet.

Jason Lee Miller, securitypronews.com

Popularity: 59%