Monday, November 04, 2013

Strange Influx of Russian Spam

November has brought cold winds with it and a flood of Russian spam on the 3rd. The false referrals on my Blogger stats lead to a baffling variety of blogs. Only one is an obvious attempt to sell things, which makes it very mysterious that they all came at once. Oddly, all showed up four times with the exception of the first. All use WordPress and none have ads placed on the pages, but do have LiveInternet statistics links.

UPDATE: Continued with a theory of why these are being sent out.

Now the individual links:

[Screenshot: Kyho Spam 01]

http : / /www . kyho . ru / was the first to arrive Sunday morning. I copied the link for future investigation and headed out to church. Little did I know that it was the first of a larger group of spam arriving through early Monday.

Firing up my virtual machines for safe and compartmentalized browsing, I found out I’d be using Google Translate a lot in trying to decode the mystery. This site is dedicated to hair care with repetitive posts, which raises suspicions of it being an automated site scraping content from legitimate blogs. There are no comments and it is a barebones blog layout. It also was last updated in November 2011!

With no ads and no immediately visible malware on the page or in the source code, it looked like another case of zombie spam.

[Screenshots: Ispanialife Spam 01, Ispanialife Spam 04]

Next up was a specific blog page, http : // ispanialife . ru / ?m = 20120702 which was about tourist travel to Spain. Barebones with a different default template, it was laid out much like the previous blog. This one is glaringly fly-by-night with poor handling of oversized photos and only being posted to for a few months. The last update was in July of 2012.

[Screenshots: Ispanialife Spam 02, Ispanialife Spam 03]

Out of curiosity, I checked out the LiveInternet link at the bottom left which revealed nothing sinister. It looks like a Russian based stat counter with password protection for the owner of the site using it.

[Screenshot: Abilitytech Spam 01]

So with two popular interests covered, beauty and travel, I shouldn’t have been surprised when a tech site showed up. http: // abilitytech . ru / ?m = 20120608 contains posts on wireless internet technology for hooking up entire neighborhoods. Once again the posts are repetitive, looking like material skimmed from elsewhere.

It was up longer, with posts going back several years. Links within the posts are broken, producing 404 errors. Like the previous blog, it was last updated in July 2012.

[Screenshots: Creditlow Spam 01, Creditlow Spam 02]

Let’s see, what else is popular on the Net when trying to get people to part with money? How about fixing a bad credit rating or building up a good one? http : // creditlorow . ru / ?tag = popolnenie-oborotnyx covers that.

Again a broken layout shows in small ways, again it is a blog last updated in 2012, and again I can’t find a service being sold. Just what is up with all this weird spam?

[Screenshot: Hesd Spam 01]

Tourism returns with http: // hesd . ru / ?p=270 discussing tours to Turkey, Thailand, and other destinations. Broken links in posts and a last post made in July of 2012 fit the growing pattern. Only active for a few months, the blog shows no signs of life now.

[Screenshots: Nobeleff Spam 01, Nobeleff Spam 02]

http: // nobeleff . ru / ?p=87 offers a familiar layout and lifespan. Started in April 2011, it went dark after September of 2012. Yet again the content is repetitive and appears taken from other sites. The one thing different is that it is all about the Nobel prize and its founder. Not exactly click bait, that subject.

[Screenshots: Nuwe Spam 01, Nuwe Spam 02]

Of course, farming had to be the next subject. You saw it coming, right? http : // nuwe . ru / ?p=164 is the first blog to put a name to the blogger, Jura Pyrozhkov. In the about page, it also announces the intention of helping novices in agriculture get started and advising experienced farmers. This one actually looks legitimate.

However, it uses the same generic template and had a short life from March 2011 to October 2012. Still, it looks like real content unlike the others. This run of referral spam is confusing, to say the least.

[Screenshots: Sylq Spam 01, Sylq Spam 02]

The last to arrive was also the only transparent one. There can be no doubt that http: // sylq . ru / rabota / ayurveda-imbir-pohudenie . htm is trying to sell you something. In this case, it is a surefire way to lose weight! Green coffee and ginger from Argentina will do all the work for you! Yeah, and I have a bridge in Brooklyn for sale – cheap.

This site is still active, at least from the testimonial comments posted though they appear to be of dubious origin. Warning: NSFW photos of obese women in underwear in the comments, but hey, you shouldn’t be visiting these con artists anyway.

It’s obvious that all this spam showing up at the same time means they are connected. That’s the only solid theory due to the fact so many links are to dead blogs with no ads or anything else that would make money. Looking at the source HTML revealed nothing suspect, though I’d like a professional coder to take a look at them.

I suspect this is a case of zombie spam, where the automated bots are still pumping out false referrals when the sites paying for it are long gone. This may be due to laziness of the people hired to spam with them not bothering to remove entries in the software they use. Possibly the old sites were mistakenly sent out along with the weight loss one, but all of this is idle speculation.

Anybody else have any theories why these sites are showing up now?
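
The observation that the referrals arrived together, mostly with the same hit count and WordPress-style URLs, can be checked mechanically. This is an added example, not part of the original post: it groups referrers by arrival time and reports the traits they share. The rows, placeholder host names, export format and 12-hour window are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample rows: (first seen, referrer URL, hit count).
# Host names are placeholders, not the sites discussed in the post.
SAMPLE = [
    ("2013-11-03 08:10", "http://hair.example/", 1),
    ("2013-11-03 11:42", "http://travel.example/?m=20120702", 4),
    ("2013-11-03 13:05", "http://wifi.example/?m=20120608", 4),
    ("2013-11-03 17:30", "http://credit.example/?tag=some-tag", 4),
    ("2013-11-04 01:15", "http://tours.example/?p=270", 4),
    ("2013-10-20 09:00", "http://reader.example.org/links.html", 37),
]

WP_KEYS = {"p", "m", "tag", "cat", "page_id"}  # default WordPress query parameters

def parse(rows):
    """Turn raw rows into records sorted by first-seen time."""
    out = []
    for seen, url, hits in rows:
        parts = urlsplit(url)
        out.append({
            "seen": datetime.strptime(seen, "%Y-%m-%d %H:%M"),
            "host": parts.hostname,
            "wp_style": bool(WP_KEYS.intersection(parse_qs(parts.query))),
            "hits": hits,
        })
    return sorted(out, key=lambda r: r["seen"])

def bursts(rows, window=timedelta(hours=12), min_hosts=3):
    """Chain referrers whose first-seen gap to the previous one is <= window."""
    groups, current = [], []
    for rec in parse(rows):
        if current and rec["seen"] - current[-1]["seen"] > window:
            groups.append(current)
            current = []
        current.append(rec)
    groups.append(current)
    return [g for g in groups if len({r["host"] for r in g}) >= min_hosts]

def summarize(group):
    """Shared traits that point to one sender behind several referrers."""
    modal_hits, n = Counter(r["hits"] for r in group).most_common(1)[0]
    return {
        "hosts": [r["host"] for r in group],
        "modal_hits": modal_hits,
        "share_same_hits": n / len(group),
        "share_wp_style": sum(r["wp_style"] for r in group) / len(group),
    }
```

A burst in which most hosts share one hit count and one URL style is worth filtering from the stats as a single campaign rather than host by host.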
