Saturday, October 23, 2010

New Spamming Trick (for me anyway)

There were two new comments on the post about Miller's admiration of East Germany's ability to protect its borders from its own citizens in my email box today.  Blogspot sends me emails of the comments as well as posting them.  This is especially helpful for comments on older posts that I wouldn't see otherwise.  While I can have the comments held until I review them, I don't need to do that.  (There was a month or two in the past where I did, to monitor an interesting but sometimes abusive commenter.)  Blogspot's new spam filter does block some comments on its own that it suspects are spam, which the blogger can then either delete or post.

Spammers try many different techniques.  The most common has been to say nice, but generic things about the blog, like "Gee, I really like your blog, it is very interesting."  The name and/or somewhere in the comment will be a link to their advertising site.

If they are good, they will even mention something from your post, "Your flowers are beautiful and I really like your blog."

But today there was a new twist, which got past the spam filters, even though the linked names of the commenters were Nail Fungus Cure and Impotence Pills.  When I saw the email the names instantly aroused my suspicions, but the comments were very relevant to the post.  And also familiar.  Familiar because they simply copied previous comments on that post. 
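
A comment that is just a copy of an earlier comment on the same post, as described above, can be checked for mechanically. The Python below is an added example, not part of the original post and not how Blogspot's filter works; the function names, the 0.9 similarity threshold, the six-word minimum and the sample thread are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

def normalize(text):
    """Lowercase and drop punctuation/extra spaces so trivial edits don't hide a copy."""
    return " ".join(re.findall(r"[a-z0-9']+", text.lower()))

def find_copied_comments(comments, threshold=0.9, min_words=6):
    """Return (copy_index, original_index, ratio) for each comment that
    near-duplicates an earlier comment on the same post by a different author.

    comments: list of dicts with 'author' and 'text', oldest first.
    """
    flagged = []
    norm = [normalize(c["text"]) for c in comments]
    for i in range(1, len(comments)):
        if len(norm[i].split()) < min_words:
            continue  # short replies ("Thanks!", "I agree") repeat naturally
        best = None
        for j in range(i):
            if comments[j]["author"] == comments[i]["author"]:
                continue  # an author double-posting is not this trick
            ratio = SequenceMatcher(None, norm[i], norm[j]).ratio()
            if ratio >= threshold and (best is None or ratio > best[1]):
                best = (j, ratio)
        if best:
            flagged.append((i, best[0], round(best[1], 2)))
    return flagged

# Constructed sample thread (not real comments from this blog); the two
# suspicious author names are the ones mentioned in the post.
SAMPLE = [
    {"author": "Reader A", "text": "The wall was built to keep people in, not out. That is the whole point."},
    {"author": "Reader B", "text": "I agree with the first comment, the comparison is hard to defend."},
    {"author": "Nail Fungus Cure", "text": "The wall was built to keep people in, not out.  That is the whole point!"},
    {"author": "Reader C", "text": "Thanks for covering this."},
    {"author": "Impotence Pills", "text": "I agree with the first comment - the comparison is hard to defend"},
]

if __name__ == "__main__":
    for copy_i, orig_i, ratio in find_copied_comments(SAMPLE):
        print(f"{SAMPLE[copy_i]['author']!r} copies {SAMPLE[orig_i]['author']!r} ({ratio})")
```

A flagged comment is a candidate for holding in the moderation queue rather than proof of spam, since a real reader may quote an earlier comment in full.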

It's clear that humans are being hired to go to sites, figure out the captcha codes and add some comment that is relevant.

But, according to Technology Review, they are also sending solved captchas to be used by automated spammers.

"But the inventors of CAPTCHAS probably didn't anticipate this: Hundreds, possibly thousands of laborers working for less than $50 a month to solve an endless stream of CAPTCHAS delivered to them by automated middlemen who sell the results to spammers in real time, so that their spam bots can use those solutions to post to forums and blogs as well as set up fraudulent email accounts, says a paper about to be delivered at the USENIX Security Symposium."

By the way, Wikipedia says captcha is an invented acronym for

"Completely Automated Public Turing test to tell Computers and Humans Apart."

This isn't a completely trivial post.  Spam costs time, money, and bandwidth.  But it's a relatively easy post while I try to write something substantive on a talk at UAA Friday, a Senate race on the Hillside, and Ballot Measure 1 - the Constitutional amendment to enlarge the Alaska legislature.
