I got an unusual (for me) comment spam this morning at 01:58 from a Kuala Lumpur spammer. His modus operandi is to trawl WordPress blogs looking for the word “RapidShare” and then dump a deliberately malformed warez-type URL to a zip file promising unlimited super-fast Rapidshare accounts that have been compromised.
I had such a posting quite a while ago here, view-of-local-network-from-rapidshare-a-black-hole, so I’ll be letting the comment through because it’s got no active backlinks and such like.
RapidShare
It’s a file sharing website where users can share files of their own creation or where there isn’t a valid copyright. In the real world, of course, I guess about 99% of it is cracked software and copyright video and music. Some of it is my own and others under the Crawling Chaos moniker. Bizarrely, you can actually pay a premium if you want better downloads of the ‘free’ stuff in the “premium” service. But that’s the point, isn’t it? ;-)
Comment Spammer
And this is where the spammer comes in. The comment and malformed URL is this;
Hey guy's! Check it out.HURRY!
JUST DONT CHANGE THE PASSWORD COZ EVERYBODY ALSO USING IT . Enjoyyyy.
h t t p://rapidshare.com/files/203145031/Rapidshare_Premium_Accounts_-_Latest_Issue.zip
Content
I checked the zip. There’s a lot of Spanish and English in some text files as word docs in both old and new formats as well as plain text files. There’s also an MP3 file. In my sandbox they checked as clean!! I haven’t gone any deeper into testing the passwords as Rapidshare, while being good in principle, is actually theft and deception in practice.
The spammer’s email checks out in a few on-line mobile phone sales on a Malaysian website. It’s kofxi123@gmail.com but it’s probably spoofed. With so much secrecy and nefarious activity on the web, who’s to say?
I don’t see it as a benevolent gesture of a thief in a theft based culture. I see it more as a tester for a bigger plan. Maybe, send a few of these ‘tasters’ out for a bit before the true malevolence is delivered? Maybe the dodgy content is in the particular RapidShare accounts that have been compromised or deliberately set up with this purpose in mind?
You’ve been warned!
Related posts:
- Weird Email Address in WordPress Registration Spam
- My Crawling Chaos website refused access to a registration spammer recently. They had the email address of … auiq.a.j.i.a.p.y.c.e.2.0.3.6.6@gmail.com This...
- RapidShare
- 20/5/2007:informed RapidShare about copyright infringement...
- Blank Pages Trouble with new WordPress install
- Not only have I had a bit of trouble moving to a new IP address – but this post is...
- And Now We Have Tiny URL Spam!
- A comment spam of a new sort just arrived so it’s most definitely connected to the recent Microsoft RPC warning...
- Laptop/Desktop fresh install
- Well after the first attempt at this post being wiped, I hope it doesn’t this time. After maxing out my...
March 8, 2009 at 5:22 pm
At the last count today, doing a Google search on the string “/Rapidshare_Premium_Accounts_-_Latest_Issue.zip” produces nine hits on those blogs that have let it past for one reason or another…
The ‘commenter’ is variously listed as:
guest
steve2
steve
qwerty
Interestingly, follow a link or two and there’s a whole world of intrigue out there on RapidShare including various ways to ‘make money’ as they call it! There is information on scraping passwords and using up bandwidth for this ‘free’ ‘service’ pushing mainly cracked digital data of one format or another.
I hope ironic usage of the concepts of ‘free’ and ‘service’ isn’t lost on folks or else it shows a perilous decline in the correct usage of language, hah, hah.
This comment (one of many, including the weird begging ones) in the linked post even has huge lists of the cracked ‘free’ passwords etc along with expiry dates. The begging comments are the funniest part of the whole charade of twisted thought processes.
I tell you, it’s a whole new economic order and highly similar to the way the banks and financial services have been run for the last few years – that is; on the foundations of a vacuum.
And for yet another reason for the easy and copious spread of computer malware and viruses across the globe, add the above business model. People just get suckered into anything, like oblivious sheep.
April 19, 2009 at 2:51 am
Thanks for sharing this.Very useful components
Pingback: Pligg Comment Spam | Strangely Perfect
July 1, 2009 at 10:13 pm
Just wanted to say great job with the blog, today is my first visit here and I've enjoyed reading your posts so far :)
Juan
July 1, 2009 at 11:16 pm
Is Jaun Millalonco code for "socially engineering a backdoor into WordPress blogs by pretending to be a happy user in the hope that I'll get registered and can thus make a later posting full of active content" – or not?
Try this Google search on the name string: http://www.google.co.uk/search?q=%22Jaun+Millalon…
Then try a few links and see what I mean?… For example:
http://www.digitalbattle.com/2009/04/09/wheelman-… http://www.sliceofscifi.com/2006/09/28/jackson-pu… http://battlingforhealth.com/2006/06/spanish-sing… http://dearauthor.com/wordpress/2006/10/18/the-sp… http://lirneasia.net/2007/02/the-next-billion-is-…
It's definately automated shit but there are no back-links or anything. Just enough for a poor blogger to let a comment through.
Of course, anyone new to the game might promote someone to a higher role or have the defaults set too weak anyway. My guess is that the visitor will be back with a more effective payload to drop on the website – maybe some porn links or even, if they're lucky, they may get to leave proper attachments with active content.
They may, of course, be back with some backlinks to increase their visibility to search…?
Anyway, I deemed the naff comment – worthy of a comment of my own. Make of that what you will.
March 23, 2010 at 12:54 am
rapidpond.com and filespond.com are pretty good. check those out.
March 23, 2010 at 9:48 am
I've let this spam through as an example of how spammers and file-sharers target posts about spam and file-sharing! Needless to say, I've de-linked the URLs!
April 16, 2010 at 5:07 am
really?
view-of-local-network-from-rapidshare-a-black-hole?
It sounds good!
April 16, 2010 at 10:07 am
Should've read the other bit then…?