I got an unusual (for me) comment spam this morning at 01:58 from a Kuala Lumpur spammer. His modus operandi is to trawl WordPress blogs looking for the word “RapidShare” and then dump a deliberately malformed warez-type URL to a zip file promising unlimited super-fast Rapidshare accounts that have been compromised.
I had such a posting quite a while ago here, view-of-local-network-from-rapidshare-a-black-hole, so I’ll be letting the comment through because it’s got no active backlinks and such like.
RapidShare
It’s a file sharing website where users can share files of their own creation or where there isn’t a valid copyright. In the real world, of course, I guess about 99% of it is cracked software and copyright video and music. Some of it is my own and others under the Crawling Chaos moniker. Bizarrely, you can actually pay a premium if you want better downloads of the ‘free’ stuff in the “premium” service. But that’s the point, isn’t it? ;-)
Comment Spammer
And this is where the spammer comes in. The comment and malformed URL is this;
Hey guy's! Check it out.HURRY!
JUST DONT CHANGE THE PASSWORD COZ EVERYBODY ALSO USING IT . Enjoyyyy.
h t t p://rapidshare.com/files/203145031/Rapidshare_Premium_Accounts_-_Latest_Issue.zip
Content
I checked the zip. There’s a lot of Spanish and English in some text files as word docs in both old and new formats as well as plain text files. There’s also an MP3 file. In my sandbox they checked as clean!! I haven’t gone any deeper into testing the passwords as Rapidshare, while being good in principle, is actually theft and deception in practice.
The spammer’s email checks out in a few on-line mobile phone sales on a Malaysian website. It’s email hidden; JavaScript is required but it’s probably spoofed. With so much secrecy and nefarious activity on the web, who’s to say?
I don’t see it as a benevolent gesture of a thief in a theft based culture. I see it more as a tester for a bigger plan. Maybe, send a few of these ‘tasters’ out for a bit before the true malevolence is delivered? Maybe the dodgy content is in the particular RapidShare accounts that have been compromised or deliberately set up with this purpose in mind?
You’ve been warned!
Related posts:
- Combatting WordPress Trackback Comment Spam Two WordPress trackback spams lead our hero to investigate their...
- View of Local Network from Rapidshare? A Black Hole? Not really being a complete propellorhead means I don’t understand...
- Yet another WordPress Comment Spam Method Over the last few weeks I’ve had another type of...
- Two Examples of a Moving Trend in WordPress Comment Spam I’ve noticed over the past few weeks how the content...
- Weird Email Address in WordPress Registration Spam My Crawling Chaos website refused access to a registration spammer...
Related posts brought to you by Yet Another Related Posts Plugin.
At the last count today, doing a Google search on the string “/Rapidshare_Premium_Accounts_-_Latest_Issue.zip” produces nine hits on those blogs that have let it past for one reason or another…
The ‘commenter’ is variously listed as:
guest
steve2
steve
qwerty
Interestingly, follow a link or two and there’s a whole world of intrigue out there on RapidShare including various ways to ‘make money’ as they call it! There is information on scraping passwords and using up bandwidth for this ‘free’ ‘service’ pushing mainly cracked digital data of one format or another.
I hope ironic usage of the concepts of ‘free’ and ‘service’ isn’t lost on folks or else it shows a perilous decline in the correct usage of language, hah, hah.
This comment (one of many, including the weird begging ones) in the linked post even has huge lists of the cracked ‘free’ passwords etc along with expiry dates. The begging comments are the funniest part of the whole charade of twisted thought processes.
I tell you, it’s a whole new economic order and highly similar to the way the banks and financial services have been run for the last few years – that is; on the foundations of a vacuum.
And for yet another reason for the easy and copious spread of computer malware and viruses across the globe, add the above business model. People just get suckered into anything, like oblivious sheep.
Thanks for sharing this.Very useful components
[...] one appeared against the posting rapidshare-wordpress-comment-spam, which is even more ironic, if anything! It’s WHOIS entry is ‘protected’ by [...]
Edit
Just wanted to say great job with the blog, today is my first visit here and I've enjoyed reading your posts so far :)
Juan
Is Jaun Millalonco code for "socially engineering a backdoor into WordPress blogs by pretending to be a happy user in the hope that I'll get registered and can thus make a later posting full of active content" – or not?
Try this Google search on the name string: http://www.google.co.uk/search?q=%22Jaun+Millalon…
Then try a few links and see what I mean?… For example:
http://www.digitalbattle.com/2009/04/09/wheelman-… http://www.sliceofscifi.com/2006/09/28/jackson-pu… http://battlingforhealth.com/2006/06/spanish-sing… http://dearauthor.com/wordpress/2006/10/18/the-sp… http://lirneasia.net/2007/02/the-next-billion-is-…
It's definately automated shit but there are no back-links or anything. Just enough for a poor blogger to let a comment through.
Of course, anyone new to the game might promote someone to a higher role or have the defaults set too weak anyway. My guess is that the visitor will be back with a more effective payload to drop on the website – maybe some porn links or even, if they're lucky, they may get to leave proper attachments with active content.
They may, of course, be back with some backlinks to increase their visibility to search…?
Anyway, I deemed the naff comment – worthy of a comment of my own. Make of that what you will.
rapidpond.com and filespond.com are pretty good. check those out.
I've let this spam through as an example of how spammers and file-sharers target posts about spam and file-sharing! Needless to say, I've de-linked the URLs!
really?
view-of-local-network-from-rapidshare-a-black-hole?
It sounds good!
Should've read the other bit then…?