For a bit of festive season fun, we thought we'd look at some spam.
Long-term readers will know that we have a tongue-in-cheek list of spam categories, taking us well beyond just unsolicited email.
Over the years, we've added the following spam variants to our menagerie:
- SPIT - spam using internet telephony
- SPIM - spam over instant messaging
- SPASMS - spam via SMS
- SPATTER - spam via Twitter
- SPEWS - spam through electronic web submissions
SPEWS, of course, often end up converted into emails and directed inwards by the form submission page on your webserver.
→ It's generally a good idea to treat your web server as an untrusted email sender, even if it is inside your network, and to put any emails that it generates (especially if they might contain content entered online by someone outside your network) through your usual email filtering process.
SPEWS are also common on blogs and and forums where commenting is allowed, not least because many forums allow web links to be entered into comments.
A site that can easily be tricked into re-publishing clickable links for free is a useful resource to spammers (or to bots working on their behalf).
That's what the spammer was trying to do in the examples below.
We're saying "spammer," even though numerous IP addresses were used and a range of topics covered, because the "comments" we've chosen in this case all follow a very similar pattern.
The formula is pretty simple.
There's a short, generic and not terribly grammatical burst of praise, like this:
An interesting discussion is worth comment. I think that you simply really should write a lot more on this topic, it could possibly not be a taboo topic but normally people aren't sufficient to speak on such topics. To the next. Cheers.
Then there's a URL.
It's hard to imagine why anyone (except perhaps another spammer wanting to see what the competition was up to) would click on any of the URLs we've seen in this campaign, as the links have no relevance to computer security at all, let alone to the article on which they claim to be commenting.
Nevertheless, this spammer has been quite persistent in his or her flattery.
We "made certain nice points," apparently:
There is noticeably a bundle to know about this. I assume you made certain nice points in features also.
And we received "a huge thumbs up," too:
Hello! I just would like to give a huge thumbs up for the great info you have here on this post. I will be coming back to your blog for more soon.
Occasionally, the spammer gets rather caught up in it all, and bigs us up enormously:
Youre so cool! I dont suppose Ive read anything like this before. So nice to find somebody with some original thoughts on this subject. realy thank you for starting this up. this website is something that is needed on the web, someone with a little originality. useful job for bringing something new to the internet!
But once in a while, the flattery stops and we are confronted with criticism instead:
The next time I read a blog, I hope that it doesnt disappoint me as much as this 1. I mean, I know it was my option to read, but I really thought youd have some thing intriguing to say. All I hear is often a bunch of whining about something that you could fix if you happen to werent too busy looking for attention.
Ouch! Take that, Naked Security!
Perhaps the spammer hopes to be taken more seriously by unleashing some tough love in amongst the toadying remarks?
But what if we had approved the comment anyway, and retained the suspicious-looking URL it contained?
The URL that was added to this comment included the text string rolexwatches in its domain name, while the path part of the URL mentioned Air Jordan footwear.
That might seem a curious combination, but it was the footwear that was the the sales goal this time.
Clicking the URL takes you to an astonishing piece of prose on a free blog hosting service:
Possibly me and my teammates aloof bought pairs from a abnormal shipment? One guy alternate them and exchanged them for the atramentous and blah colorway and had no troubles.
If you end up motivated to click through by the admittedly confusing text above you will indeed be offered Air Jordans for sale:
And if you've had any misgivings about how you got this far, you can relax!
You're on a secure site, at least according to the site itself:
And there you have it.
It seems that flattery alone doesn't get you everywhere, after all.