Steve Lamb's Blog

Security Matters

Blog Spam / Phishing / Harvesting

Many blogs are receiving feedback with links to the following URL - DO NOT FOLLOW THIS LINK (that's why I've left off the http:// prefix): "cool12xp.s20.xrea.com".

Typical entries have the title of "Great article" with text along the following lines:

"Great Site! Keep it up!Great site,keep it up, thanks !Here is my site, you can found some resource at there"

The major search engines come up with hundreds of hits when searching for the URL. This looks more like time wasting to me rather than something malicious, as upon first (very brief) inspection the site doesn't appear to execute hostile code, though it is full of non-ASCII characters.

Rumour has it that the site is malicious in that it harvests information from your blog and uses that to propagate spam to the email addresses of all those who posted feedback to your site.

I've searched the usual security sites and news sites and haven't found any articles or alerts on this. I'll spend more time checking it out and report back. If anyone out there knows more then please hit the "feedback" button and share!

Comments
  • Yeah it's just blog spam, nothing malicious. They're just trying to boost their websites' Google Rank.

    It could very well be one of those bots/scripts doing the rounds. I've seen something like what you've mentioned posted as comments on other blogs out there as well.

    Which leads me to suspect it's an automated attack.

    The non-ascii characters are actually Chinese characters. The site is basically promoting some "free" online movie downloads.

    I think this is more spam, than a security issue, so you probably won't see it on a security website.

    Or perhaps it could even be a host of many machines that have been infected, once infected they are "activated" and go browsing through many blogs and in an automated way, attempt to spam them?

    Ah, who knows? I'm just speculating here (as in the above paragraph), so it could really be anything really.

  • I'd say it's spam, too - I see loads of these in comments/guestbooks lately, some plain advertising (buy viagra), some 'great site, look at mine', one even with a crude joke.

    'They' try everything to get more audience. And who can really say if a post is 'real' or 'hidden advertising'.
    Even my post here could just be a try to get more audience to my site, how would you know?

    conclusion: I don't have a guestbook anymore. pity.

    Sam