Revealed - the most eclectic spam in the world!

Filed Under: Featured, Spam

When we write about spams and spammers, it's usually as part of a security warning.

But from time to time, we write about them simply because they've made us laugh.

They might have been hapless, bizarre or even insulting.

We once had an email offering us a liver, or part of one, in case we needed a transplant:

And we had a comment spammer who seemed to think that insulting us would be a good way to persuade us to approve his comment:

The next time I read a blog, I hope that it doesnt disappoint me as much as this 1. I mean, I know it was my option to read, but I really thought youd have some thing intriguing to say. All I hear is often a bunch of whining about something that you could fix if you happen to werent too busy looking for attention.

Today, it was haplessness, when a comment spammer's automation tools went wrong and posted more - much more - than was intended.

Artisan versus industrial

As you can imagine, we get a lot of SPEWS (Spam though Electronic Web Submission) on Naked Security.

That's where spammers and scammers fill in our comment forms in the hope that both our spam filters and our moderators will fail to notice that thay're spammers and scammers.

The spammers don't hand-craft every message, because they simply don't have time.

An artisan approach would almost certainly increase their success rate, at least on moderated sites, because they could tune the message to the article and thus sound more believable.

But artisan spamming doesn't deliver volume, so the submitters of SPEWS rely on an industrial approach, just as with email.

There's a database of generic comments, and a tool that picks one and uses it in a comment, often with a touch of cheerily believable happiness, something like this:

Some ask for advice:

Others go right over the top:

There's the occasional irony, which is always good for a chuckle:

One or two of them are presumably meant to offer praise, but come out as insults, like this one:

And a few of them strain impressively at the bounds of comprehensibility, if not actually bursting free from them entirely:

Sadly, you can see for yourself how far and wide these SPEWS get by using your favourite search engine to look for some of the more unusual text strings, such as "really really fastidious" and "far added agreeable."

Over time, you (or, at least your comment spam filter) will build up an extensive collection of these curious comments, which you'll find mirrored widely on the web.

Or you might get lucky, like we did, and get 61 comments from the spammer's database all jammed together into one huge submission, for added amusement:

There's a lot of "fastidious" in there.

They keep using that word; I do not think it means what they think it means.

, , , ,

You might like

16 Responses to Revealed - the most eclectic spam in the world!

  1. Anonymous · 518 days ago

    I'm confused. There are no links for anyone to click on... So how do these people make money from spamming these types of comments?

    • Anonymous · 518 days ago

      It could always be the case that they are just not very smart and missed a step.

    • Out of the box WordPress allows you to type in your website URL into a specific field next to your name, email and comment - that's where the spammers put their links.

      Including a link in the text would be a red flag to a spam trap.

      We ditch the website that's entered into the website field (although we can see it when we moderate) and our theme doesn't ever use it or show it - so even if the spam got through our spam trap and human moderation it would still be of no use to the spammer.

    • Paul Ducklin · 518 days ago

      Ah, I didn't show the URLs. (Firstly, in the WordPress GUI they don't appear in the same box as the comment text itself. Secondly, ahhhh, they were spam links. Thirdly, they just weren't fastidious enough - I tried them in 3 different browsers and even conveyed my sister in Lubbock Texas, all to no avail.)

      Probably should have made that clear.

  2. RichardD · 518 days ago

    Sounds like the template SPEW Scott Hanselman got a while back:

    [link removed]

    Of course, this comment is probably going to get flagged as spam, since there's a link in it!

  3. Anonymous · 518 days ago

    Where is the Spam ?

    • Paul Ducklin · 518 days ago

      Oh no! Don't tell me all those messages were all legitimate communications from genuine readers of Sophos Naked Security!

      I guess I was overly fastidious in rejecting them :-)

  4. Guy · 518 days ago

    Personally, I'd go for the Hitchhikers version:

    "Ah, this is obviously some strange usage of the word "fastidious" that I wasn't previously aware of.'

    [Link removed]

    Just sharin'...

  5. LindaB · 518 days ago

    Just have to read the way the comments are structured to know they are not in normal grammatical English, whether UK or US form. That's always the first clue and should lead readers to reject the message as it is basically uninteligible to users of spoken and written English as is commonplace either in the UK, US, Australia, etc.

    • deramin · 518 days ago

      There's a legitimate commenter on another website I frequent who writes exactly like this. It's like watching the neighbors kid run around with a lawn mower demanding attention while mauling your flowers. If this person didn't have such artisanal comments and no links, I'd swear they were a spammer.

  6. Pete · 518 days ago

    It's a bit of a chuckle that most of these spamiferous people don't seem to realize that their atrocious grammar gives them away. They prolly need to ramp up the fastidiousness.

    • Fred Fnord · 518 days ago

      They're perhaps a little slow...tidious.

    • Magyver · 518 days ago

      Pete, they don't realize the mistakes because most are non-English speaking, and used a bad translator to convert what they think is flattering words to English.

      Besides, over 90% of them are programmed bots, and many are using older outdated spammingt software. I'll go see if I can find any "beauties" for you guys, BRB.

      (I have 4 Worpress sites)

      • Paul Ducklin · 517 days ago

        I'm not convinced that "I was so bored I decided to read your website" is flattering in any language :-)

  7. Magyver · 518 days ago

    Here's one from a spammer from Hanoi Vietnam. This type of spam is defined as when the spammer pretends to be concerned with your website and is trying to help out with technical problems:

    "hey there and thanks to your info ? I’ve certainly picked up anything new from proper here. I did on the other hand experience some technical issues the use of this web site, as I skilled to reload the web site many instances prior to I may just get it to load properly. I had been brooding about in case your web hosting is OK? Now not that I’m complaining, however slow loading circumstances occasions will often have an effect on your placement in google and could injury your high quality ranking if ads and marketing with Adwords. Anyway I’m adding this RSS to my e-mail and can look out for a lot more of your respective interesting content. Ensure that you replace this once more soon.."

    I've got way better stuff than that Paul! (enjoyed the article)

    • Paul Ducklin · 517 days ago

      If your stuff is that good, you probably ought to convey your sister.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog