Mar 052009

Last updated on December 1st, 2010

I got an unusual (for me) comment spam this morning at 01:58 from a Kuala Lumpur spammer.  His modus operandi is to trawl WordPress blogs looking for the word “RapidShare” and then dump a deliberately malformed warez-type URL to a zip file promising unlimited super-fast Rapidshare accounts that have been compromised.

I had such a posting quite a while ago here, view-of-local-network-from-rapidshare-a-black-hole, so I’ll be letting the comment through because it’s got no active backlinks and such like.


It’s a file sharing website where users can share files of their own creation or where there isn’t a valid copyright. In the real world, of course, I guess about 99% of it is cracked software and copyright video and music. Some of it is my own and others under the Crawling Chaos moniker.  Bizarrely, you can actually pay a premium if you want better downloads of the ‘free’ stuff in the “premium” service.  But that’s the point, isn’t it?  😉

Comment Spammer

And this is where the spammer comes in. The comment and malformed URL is this;

Hey guy's! Check it out.HURRY!

h t t p://


I checked the zip.  There’s a lot of Spanish and English in some text files as word docs in both old and new formats as well as plain text files.  There’s also an MP3 file.  In my sandbox they checked as clean!!  I haven’t gone any deeper into testing the passwords as Rapidshare, while being good in principle, is actually theft and deception in practice.

The spammer’s email checks out in a few on-line mobile phone sales on a Malaysian website. It’s but it’s probably spoofed.  With so much secrecy and nefarious activity on the web, who’s to say?

I don’t see it as a benevolent gesture of a thief in a theft based culture.  I see it more as a tester for a bigger plan.  Maybe, send a few of these ‘tasters’ out for a bit before the true malevolence is delivered?  Maybe the dodgy content is in the particular RapidShare accounts that have been compromised or deliberately set up with this purpose in mind?

You’ve been warned!

  8 Responses to “Rapidshare WordPress Comment Spam”

  1. really?


    It sounds good!

  2. and are pretty good. check those out.

    • I've let this spam through as an example of how spammers and file-sharers target posts about spam and file-sharing! Needless to say, I've de-linked the URLs!

  3. Just wanted to say great job with the blog, today is my first visit here and I've enjoyed reading your posts so far 🙂

  4. Thanks for sharing this.Very useful components

  5. At the last count today, doing a Google search on the string “/” produces nine hits on those blogs that have let it past for one reason or another…

    The ‘commenter’ is variously listed as:

    Interestingly, follow a link or two and there’s a whole world of intrigue out there on RapidShare including various ways to ‘make money’ as they call it! There is information on scraping passwords and using up bandwidth for this ‘free’ ‘service’ pushing mainly cracked digital data of one format or another.

    I hope ironic usage of the concepts of ‘free’ and ‘service’ isn’t lost on folks or else it shows a perilous decline in the correct usage of language, hah, hah.
    This comment (one of many, including the weird begging ones) in the linked post even has huge lists of the cracked ‘free’ passwords etc along with expiry dates. The begging comments are the funniest part of the whole charade of twisted thought processes.

    I tell you, it’s a whole new economic order and highly similar to the way the banks and financial services have been run for the last few years – that is; on the foundations of a vacuum.

    And for yet another reason for the easy and copious spread of computer malware and viruses across the globe, add the above business model. People just get suckered into anything, like oblivious sheep.

    This Indian dude seems to have even re-discovered pyramid selling in this post! He calls it a ‘program’ with instructions about how his chain letter system works. Unfortunately for him, people seem to have seen past it, but not the comment spammers. His post is full of them so follow the rar files at your peril. It should be caveat emptor, but no-one seems to buy anything.

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



© 1977, Strangely Perfect.