Jump to content

SANS ISC Accidentally Steals Spammers Redirector


GraemeL
 Share

Recommended Posts

Nice story on the SANS ISC Diary today.

The spammer uses SEO techniques to get his meds site the top result at Google for the search term “myvisameds global cart†and then sends out his spam run with a Google "I'm feeling lucky" link searching on those words. Result, anybody clicking on the Google link gets redirected to his site.

A SANS handler notices what's going on and posts a diary entry documenting what the spammers are doing to avoid putting their domain names in the mail and getting them caught up by SURBL type scoring systems.

SANS being popular and having a huge page rank means that it stomps all over the spammers SEO attempts and becomes the top result returned for the spammers search terms.

Result: Anybody clicking on the link the spammer sends out now gets sent to the SANS diary entry rather than the spammers site.

I actually laughed out loud when I got to the update at the bottom of the article where they reveal the effect of their posting the story. :lol:

Link to comment
Share on other sites

Result: Anybody clicking on the link the spammer sends out now gets sent to the SANS diary entry rather than the spammers site.

I've seen these IFL spams and wondered how effective IFL could really be as a redirection technique. First, it must take some time and effort for the spammer to get his site up to the top of the listings (so he can be in line for the IFL link), nd then it must be easy for a much larger and better-known site to "hijack" the IFL from him.

Very amusing, this made my day. Score one for SANS.

Hmm... I have a PR5 website... this gives me an ideer...

-- rick

Link to comment
Share on other sites

I've seen these IFL spams and wondered how effective IFL could really be as a redirection technique. First, it must take some time and effort for the spammer to get his site up to the top of the listings (so he can be in line for the IFL link)

Is computing time measured as 'time and effort' these days? Latch onto some 'great marketing' software that places your stuff in over 500,000 (last time I looked) forums, blogs, list pages, wikis, etc. etc. etc. Twiddle your thimbs for a day or two, to give the search engine bots to do some collectiong. Then fire up that other great spam-spew-high-speed-advertising crap and turn it loose.

What actually makes this 'easy' is that string of text being used for the search string. Technically, can you come up with any possible means of someone somehow actually mis-typing something that ended up with “myvisameds global cart” ?????? The results would be that the only place this "phrase" would exist is where the spammer placed it. Which then points back to things like weighting and scaling by the Seatch Engine indexing tools.

The flip side to this is those outfits selling their services to "improve" your seach engine rankings ... Guaranteed to place 'your' page into the Top 10 results ..... a bit of tailoring of web-page content, edit the META tags a bit, then provide the customer a really interesting search string .... voila! The specific web-page on the first page of search engine results. Makes that $200-$100 seem worth it, but typically the 'new traffic' never comes. Eventually, someone points out that nobody in their right mind would ever put together a search engine query like the one used to "show that the page made it to the Top 10" ....

Link to comment
Share on other sites

  • 2 weeks later...

I've seen these types of spams before, but when reporting them to SC, I always see that it refuses to send a report to Google's abuse dept. Is this because Google doesn't want reports from spams that included Google pages where they turned out to be an innocent bystander?

Google does have their own search result spam reporting page and a warning about rogue SEO companies, but I've never known exactly what to do when I see an UCE using IFL like the one mentioned.

Link to comment
Share on other sites

Nice story on the SANS ISC Diary today.
The results are in: A Google search on "myvisameds" now turns up only about 13 hits, of which only the last is a spam site (which doesn't even seem to work). The rest are SANS and various blogs etc. (including a surprise newcomer) reporting on the phenomenon.

-- rick (waiting for the next IFL keywords)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...