Over the past 96 hours Plagiarism Today, as well as likely other sites, has been the subject of a massive spam attack across a variety of formats and domains.

The attack, which appears to have begun sometime on Friday, has been persistent for the past four days. However, at this juncture, it appears that my defenses are holding fairly well. Fortunately, reCAPTCHA was able to keep all of the spam comments from reaching the surface and Akismet only let about two or three dozen of the trackbacks through. All in all, the vast majority of it so far has been blocked, but more than enough seeped through to obtain my attention.

What appears to have happened is that an affiliate for Sportsbook.com has been created dozens, if not hundreds, of spam sites and sending out massive amounts of comment and trackback spam to promote them.

But while there is little unusual about the technique other then the sheer volume, hundreds of messages at this site alone, there are other elements of this attack that are unusual and may be a sign of what is to come in the future of Web spam.

Anatomy of An Attack

The attack, so far, has involved hundreds of trackbacks and comments spent from a variety of IP addresses across the globe. The wide disbursement of IP addresses seems to indicate the likelihood that the spammer is using a botnet, which in turn indicates that this attack involves many more sites than just this one.

The trackbacks and comments generally are filled with gibberish about gambling, often in a foreign language, and are linked to a variety of posts across a wide range of servers. The only thing consistent about the comments and trackbacks was that all I have seen attempted to bold a passage in the spam using the “strong” tag.

However, what made this attack somewhat unique is the links that the spam messages pointed to. Rather than using the usual mixture of throw away domains and blogspot blogs, the sites were spread all over the Internet including at sites that have not, traditionally, had a major problem with spam creation.

Some of the sites involved included Google Groups, including several international variations of it, Blurty, OpenDiary, GreatestJournal, Viabloga and Multiply.

Even Oracle’s Bugzilla server was the host for one of the spam URLs.

But even though the URLs were spread across multiple services of different types, the resulting pages were very similar. They contained two large images (where possible) that linked to one of several throwaway .info domains. The domains then redirect any clicks to a page at sportsbook.com

Below the images, the sites have several paragraphs of keyword-loaded content about gambling and various sub genres. The gibberish nature of this content indicates that it is either automatically generated or is a another case of a spinning scraping.

Either way, the end result is the same. Pure garbage and tons of spam.

Sample Links

Please note that all of the links below have been nofollowed. These links are designed to show samples of the pages on their various hosts. Be careful when following these links as I can not promise that they do not contain malware and adult content. I can not vouch for the material on these sites.

All links were working as of 10 AM central time on November 20.

Google Groups (FR)
Google Groups (ES)
Google Groups (IT)
Multiply
GreatestJournal (link down within 4 minutes of reporting)
Bugzilla.Oracle.Com

What This Means to Bloggers

Spam is evolving. That not only includes the waves of trackback and comment spam that must be guarded against, but also new scraping sites and plagiarists.

Though we’ve seen a lot of tactic changes from spammers over the past few years, this one indicates a strong diversification. No longer are spammers focusing all or even most of their energy on “high value” targets.

On one hand, this could be a sign that the recent pushback at Blogspot regarding spam blogs could be having the desired effect. However, it doesn’t mean that Google is off of the hook as nearly half of the links came from various Google Groups sites.

In short though, spammers are branching out and services that previously only had a minor problem with spam will likely soon find themselves at the forefront of the spam war. Sadly, these companies often do not have the technology nor the resources to battle against a major spam assault and can not implement effective counter-measures fast enough.

This means that, not only will spammers likely start upping the amount of content theft and spamming they execute, but that it will be across a wider array of sites. Equally bad, blog services that were once trusted and highly-regarded could become spammy neighborhoods in short order as they become overrun by junk.

There is no real advice one can give for this, other than to be advised and be on the lookout. Odds are this spam attack was not an attack at all, but merely an intense salvo in a never-ending war.

Conclusions

As if to further the theory that it is just a salvo, I delved into my blocked spam folder and I see that a second attack has already begun. This one dealing with a check cashing scheme. Many of the same domains are involved, including Google Groups. The pages fit the same formula, though with one image instead of two, and it appears to be the work of the same group or individual.

Things are definitely getting ugly but, this time, the defenses seem to be holding a lot better. Most likely, Akismet has updated itself to deal with this new wave.

Still, the very nature of this evolution is going to make it a difficult one to track and stop. It is only a matter of time before another shift in the formula enables the spammers to break through, if but for a moment.

In the meantime, bloggers and Webmasters are caught in the middle, both having their content repurposed to fill the spammy pages and then fighting the fake trackbacks and comments.

As sad as it is, we’re fighting the war on two fronts and both fronts are shifting. Our tactics will have to change accordingly.

Protect Your Work. Subscribe to Plagiarism Today via Email or RSS.