Destroy all Malware

More Blog Comment SPAM

Tue, 01 Nov 2005 00:00:18 GMT

I've seen a rather large up-tic in blog comment SPAM. My logs are showing 4000 blocked blog comments SPAM in the last seven days. That's about 3 times more than the previous week.

Le SPAM bot

Sun, 30 Oct 2005 12:35:38 GMT

The entire KBCafe.com Website has a bot called Le SPAM bot, which checks all comments against a well-known SPAM keyword list and deletes the comments. I noticed that it hadn't been doing it's job of late and when I checked the logs, I found it had mostly stopped working a few months back. I recoded it and set it loose last night and it's been deleting SPAM-like comments all night.

Anti-Spyware Coalition Finalizes Spyware Definition

Thu, 27 Oct 2005 20:54:03 GMT

PR: ASC today unveiled its final, consensus definition of spyware, which was developed by coalition members including major anti-spyware companies, software developers and public interest groups.

http://www.antispywarecoalition.org/documents/definitions.htm

Google Splog

Thu, 27 Oct 2005 20:05:34 GMT

I report a tremendous amount of clickfraud and splogs to Google in various manners (email and clicking on Ads by Google, filling out the form). In early September, I noticed that Google was terminating Blogspot and AdSense accounts that I was reporting. This has stopped. Obvious clickfraud and splog accounts are no longer being terminated by Google. Splogging accounts I reported more than a month ago remain active (both AdSense and Blogspot). Accounts where the blogger actively encouraged clickfraud remain active (AdSense). This is very disturbing. I've backed Google in the past, because I did see some accounts being terminated, but of late, that has stopped being true. Don't be evil? Google's failure to address splogs is verging on evil.

Unless things change in the next week, I will begin publishing the splogs that I've uncovered, reported to Google and remain active.

Update: An an employee of Google has contacted and I sent him the relevant communications (the list of splogs). I hope there's action.

How to Fight Those Surging Splogs

Thu, 27 Oct 2005 14:10:56 GMT

Wired: Blogger recently added a word-verification system, Captcha, to the blog-creation process.

Randy: It's amazing how misinformation can spread. Wired reporter Nicole Lee has followed Mark Cuban's lead in claiming that Blogger just recently implemented word-verification during the blog-creation process. Fact is, they added it six months ago. A new problem with the fight against splogs is the amount of misinformation being spread by bloggers and the media.

Keyboard Loggers Hoaxlore

Mon, 24 Oct 2005 09:09:50 GMT

Last week, I reported a tale about possible DHS keylogging. The tale is revealed at snopes.com as a complete hoax.

Claim: Account claims Dell is selling computers with keyboard loggers installed at the behest of the Department of Homeland Security.

Status: False.

Although furtive eavesdropping on computer activity is certainly possible, the specific tale presented [cut] is nothing more than an example of "government conspiracy" type hoaxlore.

http://www.snopes.com/computer/internet/dellbug.asp

Google spam suite primer

Mon, 24 Oct 2005 09:05:52 GMT

Niall Kennedy: Google provides a full suite of services for the entry-level blog spammer. There are plenty of legitimate uses for all of these Google services, but Google's market-leading position in search creates a spam ecosystem that inflates corporate revenues, index size, and user data. Google's blog hosting service, Blog*Spot, received a lot of attention this week as blogosphere neighbors threw up their arms in protest of the host, which is like the seedy motel at the edge of town that rents by the-hour.

Randy: Niall does a good job of enumerating the services Google provides that are being repurposed by sploggers.

Hackers Hide Malicious JavaScript

Sun, 23 Oct 2005 16:44:33 GMT

TechWeb: Hackers and scammers have suddenly turned to a new technique to hide malicious JavaScript on compromised or criminal sites, a security researcher said Thursday. According to Dan Hubbard, the senior director of security and research at Websense, a family of obfuscation routines with the umbrella name of "JS/Wonka" has spread wildly in the last few weeks.

http://news.yahoo.com/s/cmp/20051021/tc_cmp/172302768

Update Jagger: Contacting Google

Sat, 22 Oct 2005 17:09:21 GMT

Matt Cutts: You see a low-quality site that is running AdSense. If you run across a site that you consider spammy and it has AdSense on it, click on the “Ads by Goooooogle” link and click “Send Google your thoughts on the ads you just saw”. Enter the words spamreport and jagger1 in the comments field.

http://www.mattcutts.com/blog/update-jagger-contacting-google/

Randy: OK, I've seen this suggested several times now. I think I'm gonna start following this procedure and tracking the results.

Splogs + Scraping + AdSense = Fraud

Sat, 22 Oct 2005 17:06:15 GMT

SEOBlog: As the average commission earned by sites running AdSense generated advertising is approximately $20/month, webmasters working this type of scheme need to create hundreds, if not thousands of pages to make a living. In order to create those pages and attract ad-clicking visitors, content must be created, begged, borrowed, or most commonly, simply stolen. Known as Splogs , these sites only exist to game Google in one way or another, mostly for money but also for increased search rankings or as a means of manipulating search spiders.

http://news.stepforth.com/blog/2005/10/splogs-scraping-adsense-fraud.php

When is Google Going to Confront Blog Spam?

Sat, 22 Oct 2005 03:07:54 GMT

Contentious: Hello, Google? I know you like it when people use Adsense, but this really is a problem and you should do something about it.

Meet the Sploggers

Fri, 21 Oct 2005 14:50:40 GMT

Robert Stockton: To help the rest of the 'sphere feel more comfortable with your less-than-popular neighbors, I'd like to introduce you to some of the other colorful players on the block and their wily splogging ways.

Hexadecimal Dan
Max-Volume Pete
Affiliate Fraud Fred
Search Term Sally
Pen-Pal Patty

http://blog.blogpulse.com/archives/000424.html

Randy: A great article profiling various splogger archetypes.

N.Y. Spammer Sentenced in Closed Session

Wed, 19 Oct 2005 01:59:06 GMT

AP: MySpace hired Greco to write a computer program that would send its users instant message ads for adult and mortgage refinancing Web sites. [cut] After sending the spam e-mails, Greco contacted MySpace and requested permanent employment to guard against more spam and to get exclusive rights to send commercial e-mail through the site. When his request was ignored, prosecutors said, Greco threatened to tell others how to spam MySpace users.

Randy: The plea says that MySpace hired Greco originally to SPAM its own users.

Why Captcha will never work

Tue, 18 Oct 2005 20:37:29 GMT

I came across this captcha today. Any ideas what I should type?

SplogSpot

Tue, 18 Oct 2005 20:31:47 GMT

SplogSpot is a lot like Weblogs.com, but for reporting new splogs. Users can submit blogs as SPAM. Developers can use their API to determine if a blog is SPAM.

http://splogspot.com/

Mark Cuban on Blogspot

Mon, 17 Oct 2005 05:46:48 GMT

Mark Cuban: We shut out adding new blogspot posts to our index until we clean all the bullshit you dumped on us out of our indexes. We will turn them on once we update our filters to resolve this fine mess you got us into , which hopefully will be tomorrow

http://www.blogmaverick.com/entry/1234000717063627/

Randy: When Mark says we, he means IceRocket.

Google Responds

Mon, 17 Oct 2005 05:41:59 GMT

Chris Pirillo: An hour ago, I received a message from a Google staffer by the name of Cédric:

Just wanted to let you know I brought up your post internally. We'll be doing something about it shortly. Sorry for the trouble it caused you and thanks for bringing it up!

Enumeration of Splog Domains

Mon, 17 Oct 2005 02:18:48 GMT

Chris Pirillo does a screencast where he enumerates the domains that are hosting splogs that showed up as 403 new PubSub search results.

blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com
blogspot.com

http://chris.pirillo.com/images/blogspotspam/blogspot.html

FBI Raid Shuts Down Suspected Spammer

Mon, 17 Oct 2005 01:32:50 GMT

AP: A man described as one of the nation's leading senders of spam says an FBI raid on his home office has halted his e-mail operation. [cut] Ralsky, 60, has said that he has 150 million or more e-mail addresses, and he has been a target of anti-spam efforts for years. Verizon Communications Inc. sued him in 2001, saying he shut down its networks with millions of e-mail solicitations.

http://news.yahoo.com/s/ap/20051017/ap_on_hi_te/spam_king_2

Randy: Here's the problem, even though we've known him to be a SPAMmer, it took us 4 years to act on that knowledge.

Fight Splog!

Sun, 16 Oct 2005 20:52:52 GMT

A new Website to fight splog. FightSplog.com. They have a blog. Subscribed.

http://www.fightsplog.com/

Google: Kill Blogspot Already!!!

Sun, 16 Oct 2005 15:40:40 GMT

Chris Pirillo: In the past few days, I've been inundated with an enormous amount of subscribed search spam for designated keywords. 99% of the crap coming in is directly from a single domain: blogspot.com.

http://chris.pirillo.com/blog/_archives/2005/10/16/1302867.html

Randy: Confirmed! I get much of the same. At one point, it looked like Google was shutting down the Blogspot SPAM and even shutting down Adsense on splogs. This seems to have stopped. I don't think Google needs to shutdown Blogspot.com, but surely they need to devise a strategy to stop the splogs.

Microsoft to help Nigeria fight spam

Sat, 15 Oct 2005 02:48:46 GMT

FinancialTimes: Microsoft, the world's largest software company, yesterday agreed to help the Nigerian government fight internet crime, such as online fraud, spam emails and viruses.

http://news.ft.com/cms/s/02c8d140-3d19-11da-83c8-00000e2511c8.html

Internet Spam Gang Fined $37 Million

Sat, 15 Oct 2005 02:45:35 GMT

InformationWeek: The Office of the Massachusetts Attorney General is looking for Leo Kuveyev, the leader of the "Internet Spam Gang," whose illegal spam operation was fined $37 million by a Boston judge this week.

http://www.informationweek.com/story/showArticle.jhtml?articleID=172301006

Still the Spam Superpower

Fri, 14 Oct 2005 04:40:45 GMT

Top Tech News: 26.4 percent of the world's spam emanated from the United States. [cut] South Korea was 19.7 percent of the world's spam. [cut] China was pegged at 15.7 percent. [cut] France (3.4 percent), Brazil(2.6), Canada (2.5), Taiwan (2.2), Spain (2. 2), Japan (2.0), Britain (1.5), Pakistan (1.4) and Germany (1.2) rounded out the "dirty dozen."

Sophos: The United States and Canada have significantly reduced their role in the problem.

http://www.toptechnews.com/story.xhtml?story_id=0310035BMDVS

DHS Keystroke Logger?

Fri, 14 Oct 2005 03:19:12 GMT

Hal Turner: Computer manufacturers appear to be cooperating with the Department of Homeland Security to make every person who buys a new computer subject to immediate, unrestricted government recording of everything they do on those computers! EVERYTHING! This information can be sent to DHS, online, without your knowledge or consent, without a search warrant or even probable cause! That's why this device is hard-wired directly into the ethernet card, which communicates over the internet!

http://www.halturnershow.com/KeystrokeLoggersInAllNewComputers.html

Randy: Would love a confirmation! Anybody else see something like this? No, I'm not opening my laptop to check. I'm not a hardware person.

cross-posted

Link Email SPAM

Mon, 10 Oct 2005 16:16:36 GMT

Here's an email I've been getting quite often these last few days.

Hello kbcafe.com,
I've visited your website http://www.[Name] today, and really like it.

You can image how it continues. I guess these guys make so much money that quality control is not a factor. I often click thru to see what type of site is behind these schemes. In this case, it turned to be a legit business. I'm guessing that bought a SPAM package to improve their Web presence.

Anti-spam user authentication is worse than useless

Mon, 10 Oct 2005 11:14:12 GMT

John Leyden: Claims that user authentication schemes will reduce spam are not just wrong but "wrongheaded", a security researcher warned on Friday.

Randy: I don't buy this. Read the article and you'll note it lacks any real substance. The argument seems to be "it's not just breakable but trivial to break" and therefor it's bad.

Dutch smash 100,000-strong zombie army

Sun, 09 Oct 2005 03:52:15 GMT

The Register: Dutch police have arrested three people for building a worldwide zombie network of more than 100,000 PCs used to launch internet attacks on companies and to hack into bank and Paypal accounts.

http://www.theregister.co.uk/2005/10/07/dutch_police_smash_zombie_network/

Yahoo hates the spam, loves the spammer

Wed, 05 Oct 2005 00:17:57 GMT

Chet: Well I am going to save millions of dollars of research for yahoo. Want to stop a bunch of spam, yahoo? Stop hosting spammers.

http://www.donotreply.com/archives/000003.html

Can writing software be a crime?

Mon, 03 Oct 2005 23:52:52 GMT

Mark Rasch: On July 21, 2005 a federal grand jury in the Southern District of California indicted 25 year old Carlos Enrique Perez-Melara for writing, advertising and selling a computer program called "Loverspy," a key logging program designed to allow users to capture keystrokes of any computer onto which it is installed.

http://www.securityfocus.com/columnists/360

California Law Targets Phishing Scams

Mon, 03 Oct 2005 18:29:19 GMT

BetaNews: California Governor Arnold Schwarzenegger signed into law on Friday a bill that makes "phishing," or identity theft, scams a civil offense.

Randy: Another lame attempt at legislation. This law give users the right to sue for a half million after-the-fact. Guess what? Phishers aren't running operations out-of California. They're in Russia and China and not likely to show up to trials in California.

Google's Blog SPAM

Mon, 03 Oct 2005 14:46:15 GMT

Last month, Google made an effort to conquer blog SPAM with a Blogspot flag day and by cancelling Adsense accounts where the ads are displayed on splogs. The last couple weeks, I've noticed a new uptake in splogs with Adsense on them. So, I compiled a list of all the splogs I've reported to Adsense in the last few weeks. Most of them are still running Adsense. Has Google stopped helping in the fight against splogs?