Saturday, January 03, 2009

Media “cloak and dagger” and frightening financial stories stir up a new wave of spam blogs; home users should be wary of some embedded videos

Web surfers should be aware of a particular kind of “social engineering” that may be accompanying spam blogs.

The basic idea is that a spammer sets up a blog or series of blogs that appear to deal with some arcane and controversial topics, particularly crime or terrorism stories and various matters associated with the recent financial meltdown. This sort of activity apparently increases during times of sensational media news about various perils (particularly the “cloak and dagger” variety), as has been the case recently. Then the spammer may provide what look like embedded YouTube video links but are actually applications that, if clicked, could infect the user with spyware.

Some of these blogs may contain a lot of extraneous “farm” links, but not all do. Some (but not all) may contain text or links in foreign languages, especially Chinese or Russian. (The Chinese "text" is hard to figure out, since China blocks so many sites anyway.) Generally, regardless of language, the text starts out with a couple of complete sentences and gradually turns nonsensical and repetitive, as if written by an automated script. The piece as a whole does not make much sense outside of two or three sentences, which were probably scraped from legitimate sites. Some may use blog names for blogs that have been deleted by the original owners (in which case they could cause "online reputation" problems for the original owners). They tend to have entries that span only a month or two.

The problem has been known from as far back as 2005, according to Wikipedia. But the problem may have increased during the latter part of 2008 (particularly in September), around the time of the financial implosion, as well as some particularly sensational crimes around Washington DC and some other cities. (Wikipedia reports a spike in April 2008, also.) Unfortunately, spammers have developed high-powered algorithms to get around captcha technology. Generally, the greatest risk for home users would come from the video links or perhaps the external links, not the text itself; but home and small business users should learn to recognize this pattern. Modern anti-virus protection DAT files may or may not identify most of these threats.
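The two symptoms described above (a "video" link that actually points to an executable, and post text that starts with a few coherent sentences and then degenerates into repetition) can be turned into simple checks. The script below is an added example written for this post, not code from the original page or from any blog platform; the executable-extension list, the "video" keyword list, the trigram-diversity measure and the 50% drop threshold are illustrative assumptions, and the sample post and its URLs are constructed.

```python
"""Heuristics for the spam-blog pattern described above (added example).

Two signals are checked:
  1. links whose anchor text or URL promises a video but whose target is an
     executable file rather than a page on a video host;
  2. post text whose trigram diversity collapses from the first half to the
     second half (a few scraped sentences followed by machine repetition).
Extension list, keywords and thresholds are illustrative assumptions.
"""
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of download types a "video" link should never resolve to.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".bat", ".cmd", ".msi"}
# Assumed words that make a link look like an embedded video.
VIDEO_WORDS = re.compile(r"\b(video|watch|youtube|play)\b", re.I)


class _PostParser(HTMLParser):
    """Collect (href, anchor text) pairs and the visible text of a post."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text_parts = []
        self._open = None  # [href, anchor text] of the <a> being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._open = [dict(attrs).get("href", ""), ""]

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(tuple(self._open))
            self._open = None

    def handle_data(self, data):
        self.text_parts.append(data)
        if self._open is not None:
            self._open[1] += data


def parse_post(html):
    """Return (links, visible_text) for one post's HTML."""
    p = _PostParser()
    p.feed(html)
    p.close()
    return p.links, " ".join(p.text_parts)


def fake_video_links(links):
    """Return hrefs that look like videos but download an executable."""
    flagged = []
    for href, text in links:
        ext = os.path.splitext(urlparse(href).path.lower())[1]
        if ext in EXECUTABLE_EXTS and (VIDEO_WORDS.search(text) or VIDEO_WORDS.search(href)):
            flagged.append(href)
    return flagged


def ngram_diversity(tokens, n=3):
    """Share of distinct n-grams among all n-grams; 1.0 means no repetition."""
    grams = [tuple(tokens[i:i + n]) for i in range(len(tokens) - n + 1)]
    return len(set(grams)) / len(grams) if grams else 1.0


def repetition_drift(text, n=3):
    """Trigram diversity of the first half of the post versus the second half."""
    tokens = re.findall(r"[\w']+", text.lower())
    mid = len(tokens) // 2
    return ngram_diversity(tokens[:mid], n), ngram_diversity(tokens[mid:], n)


def assess_post(html, drop_ratio=0.5):
    """Summarise both signals; 'degenerates' is True when the tail loses
    more than (1 - drop_ratio) of the head's diversity (assumed threshold)."""
    links, text = parse_post(html)
    head, tail = repetition_drift(text)
    return {
        "fake_video_links": fake_video_links(links),
        "head_diversity": round(head, 2),
        "tail_diversity": round(tail, 2),
        "degenerates": tail < head * drop_ratio,
    }


# Constructed sample post: two scraped-looking sentences, then repetition,
# then one executable disguised as a video next to a genuine video link.
SAMPLE_POST = """
<p>Regulators seized the bank on Friday after depositors withdrew billions.
The collapse is the largest failure since the savings and loan crisis.</p>
<p>bank failure crisis bank failure crisis bank failure crisis bank failure
crisis bank failure crisis bank failure crisis bank failure crisis bank
failure crisis bank failure crisis bank failure crisis bank failure</p>
<a href="http://example.invalid/clips/video.exe">Watch the video</a>
<a href="https://www.youtube.com/watch?v=PLACEHOLDER">Watch the video</a>
"""

if __name__ == "__main__":
    print(assess_post(SAMPLE_POST))
```

The diversity check is deliberately crude: it only compares the first half of a post with the second, which is enough to catch the "starts coherent, ends repetitive" shape described above without any language-specific processing, so it works the same on Chinese or Russian text as on English.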

Because of the controversy over the subject matter, users may become intrigued and believe that the posts have some hidden “steganographic” information. Perhaps this is simple gullibility, but law enforcement should take seriously the apparent increase in such sites since the time that these particularly sensational news items started to play out in the media. These fake blogs could point to new schemes for massive bank fraud and identity theft, or they could contain legitimate clues about ongoing criminal investigations, although the likelihood of the latter possibility seems rather remote.

Picture: translation from such a site in Chinese (copied to a flat file), which translation software cannot translate completely, another symptom.

