Thursday, October 20, 2016

Russian Spam Returns

UPDATED: There has been a flood of 3 hit drive by spams out of Russia via Ukraine ever since these hit. In fact, there are too many different ones to look into so it appears that we’re under siege again.

Original Post:

It looks like I spoke too soon about Blogger having improved on blocking Russian spam referrals. Once again a flood of unwanted fake referrals showed up in Stats and of course it is all from Russia or rerouted through Ukraine. Reinstalling TOR to check out the sites was an annoyance I’d never planned on doing again, but I’m in a bad mood these days so once again it is time to inform people of the garbage being pushed out.

Remember, never click on suspicious links in your Blogger referrals. I’ve taken the precaution of running an anonymous browser system within a virtual machine to take these screenshots because you never know what kind of malware might be pushed through the code embedded on these pages.

On to the spam…

domain2008

First up is the most prolific, www . domain2008 . com which has shown up over one hundred times in the past 48 hours. It purports to be a whois lookup site, but one of the tricks of the malware trade is getting people to input their websites to see how popular or valuable they are. All that really happens is the site goes into a database to be sold off to other spammers to hit.

voloomoney

Next up is voloomoney . com / buy / kupit-gold-wow / which is a shady game currency selling website. Specifically selling World of Warcraft gold, it also has pages for other popular online games. Amazingly, there are people willing to give their credit card info to buy in game currency (rather than earning it) without ever thinking that mysterious charges will start showing up in the future.

There really is a sucker born every minute.

heatpowerru

Last is a link to heatpower . ru that make me a little sad. There are SEO (Search Engine Optimization) specialists who charge money to help generate traffic to websites. They prey upon businesses who have no clue on how it all works and the most dishonest SEO types take the money and simply setup spambot networks to pump out untargeted spam all over the place. That’s what appears to have happened with this link to a manufacturer of boilers and water heaters hoping to expand their business.

Sigh. Like war, spam never changes and is always out there somewhere.

No comments: