Lately I’ve seen an interesting pattern emerge in the comment spam logs here. Along with the usual collections of links to pills, porn, and watches, there are a bunch of trackback spam attempts using innocuous websites like Google and Yahoo and the phrase “this is very good,” over and over.

Title? “this is very good”
Blog Name? “this is very good”
Author? “this is very good”

The excerpt itself varies a bit, but is usually something like, “this is related article.”

I figure they’re either probes or attempts to poison blacklists.

What’s funny about these is that in the logs, the fields are all run together, so it looks like this:

author: this is very good title: this is very good blog_name: this is very good e-mail: …

The natural inclination is to break the phrases at the punctuation, so it looks like it’s saying, “This is very good title. This is very good blog name. This is related article.”—making it sound like Zathras is behind the keyboard!
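The pattern described above can be checked mechanically. As an added example (not code from this blog or its spam filter), this Python snippet splits a run-together log line on its field labels and flags entries whose author, title and blog name all carry the same phrase. The `url` and `excerpt` labels and both sample lines are constructed for illustration.

```python
import re

# author, title, blog_name and e-mail appear in the log line quoted in the post;
# url and excerpt are assumed labels added for this example.
LABELS = ("author", "title", "blog_name", "e-mail", "url", "excerpt")
LABEL_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, LABELS)) + r"):\s*")

def parse_entry(line):
    """Split a run-together 'label: value label: value' line into a dict."""
    fields = {}
    matches = list(LABEL_RE.finditer(line))
    for cur, nxt in zip(matches, matches[1:] + [None]):
        end = nxt.start() if nxt else len(line)
        fields[cur.group(1)] = line[cur.end():end].strip()
    return fields

def is_identical_field_probe(fields, keys=("author", "title", "blog_name")):
    """True when every identity field is present and carries the same phrase."""
    values = [" ".join(fields.get(k, "").lower().split()) for k in keys]
    return all(values) and len(set(values)) == 1

def flag(lines):
    """Return the indexes of log lines that match the repeated-phrase pattern."""
    return [i for i, l in enumerate(lines) if is_identical_field_probe(parse_entry(l))]

# Constructed sample log lines (not taken from real logs).
SAMPLE = [
    "author: this is very good title: this is very good blog_name: this is very good "
    "e-mail: a@example.com url: http://www.example.com/ excerpt: this is related article",
    "author: Pat title: Notes on trackback spam blog_name: Pat's Weblog "
    "e-mail: pat@example.org url: http://blog.example.org/1 excerpt: I linked to your post",
]

if __name__ == "__main__":
    for i in flag(SAMPLE):
        print("probable probe:", parse_entry(SAMPLE[i]))
```

Because the log format has no delimiters, a value that itself contains a label followed by a colon will be split in the wrong place; the check is a heuristic for triage, not a parser for untrusted input.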

After my latest round of supposed anti-fraud notices claiming to be from banks with which I don’t have any accounts, it occurred to me that phishing, 419 scams, email spam, blog spam, etc. are all scattershot approaches. They seem so obvious to those of us who are used to seeing them. It seems unthinkable that someone would fall for a phishing attempt that identifies itself as someone else’s bank, or buy pharmaceuticals from someone who can’t spell d.Ruugz. But they’re not intended for us. We’re just collateral damage.

Direct marketing often makes at least an effort to aim, because paper and postage cost money. That’s why businesses and charities will mainly share/sell their mailing lists among similar organizations, and not some random list of people. In this way, direct marketing is like riflery: you want each shot to be as accurate as possible.

Email, however, is cheap, and most spammers are using someone else’s resources to send out the mail anyway. It’s long been pointed out that they don’t care if 99% of their messages get lost in the ether. They only need a fraction of their list to respond. It’s like using a machine gun: you don’t have to aim, just spray the general area and at least one bullet is likely to hit your target.

So phishers don’t have to match their pitches to each recipient’s bank. If they plaster the net with messages claiming to be from Chase, it doesn’t matter if most of their messages hit Wells Fargo customers. Statistically speaking, some of the recipients will have Chase accounts, and some of them will be fooled, and that’s all they need to collect their virtual loot.

And the rest of us? Bystanders caught in the drive-by.

You’ve probably heard by now that AOL and Yahoo are preparing a system by which large-volume email senders can pay to get their mail sent on to subscribers. You probably haven’t heard that it’s not just pay-to-send so much as it’s pay-to-get-accredited. Senders pay a company called Goodmail to say “we won’t send spam,” Goodmail checks them out, and Yahoo and AOL use Goodmail to bypass their regular spam filters.

This, of course, hasn’t stopped a flood of knee-jerk reactions. (via Spamroll)

What’s funny is that this conundrum has been almost exactly like the controversy two years ago over Microsoft choosing Bonded Sender as an accreditation service/whitelist for Hotmail—knee jerking and all.

Back then I wrote the following article and never got around to posting it. Thanks to AOL, it’s finally topical again. Sadly, I haven’t had to change much to bring it up to date.

Last week I received a message offering a 30% discount on Norton Internet Security 2006. It claimed to be from Symantec, but the email address was at digitalriver.com, and all the links—including the ones that claimed to be at symantec.com—went to bluehornet.com.

Now 5 minutes of research turns up the facts that Symantec does work with Digital River and Digital River owns Blue Hornet. And it did go to the address I used to register Norton Antivirus last year. So it’s probably a legit offer.

But let’s think about this for a minute.

Assuming it’s legit, Symantec—a company that deals in internet security—is deliberately sending out offers via third-party domains, email and web servers. Depending on how security-conscious you are, they are either making their messages look suspicious or training users to ignore warning signs.

Or have you never seen spam offering enormous discounts on Norton products? Which generally turn out to be pirated. And I seem to recall—though I can’t find an article to back it up—that the bootleg copies are often infected themselves, or crippled in some way.

Given how many shady operators are out there, taking advantage of the big guys’ name recognition, you’d think the big guys would at least make some effort to make their own offerings look less, well, shady.

eBay must have some sort of blanket advertising deal with Google, because the “sponsored links” you get for some searches really don’t make any sense.

Case in point: I did a Google search for the phrase, “nigerian scam,” and saw the following ad:

Looking for Nigerian Scam? Find exactly what you want today

Wow, when they say, “Whatever it is, you can get it here.”—they really mean it! 😉

Interestingly, if you search for “419 scam,” you get the same type of ad, but not if you search for “advance fee fraud.”

I tried a few random search terms, and from what I can tell, eBay’s ad shows up on many—but not all—two-word searches. I’m not sure what the pattern is, but I can’t imagine someone at eBay deliberately asked to buy ad space for some of these phrases.

But in a show of accuracy, if you search for “random stuff,” you’ll find it!