Last updated on December 1st, 2010
I got an unusual (for me) comment spam this morning at 01:58 from a Kuala Lumpur spammer. His modus operandi is to trawl WordPress blogs looking for the word “RapidShare” and then dump a deliberately malformed warez-type URL to a zip file promising unlimited super-fast Rapidshare accounts that have been compromised.
I had such a posting quite a while ago here, view-of-local-network-from-rapidshare-a-black-hole, so I’ll be letting the comment through because it’s got no active backlinks and such like.
It’s a file sharing website where users can share files of their own creation or where there isn’t a valid copyright. In the real world, of course, I guess about 99% of it is cracked software and copyright video and music. Some of it is my own and others under the Crawling Chaos moniker. Bizarrely, you can actually pay a premium if you want better downloads of the ‘free’ stuff in the “premium” service. But that’s the point, isn’t it? 😉
And this is where the spammer comes in. The comment and malformed URL is this;
Hey guy's! Check it out.HURRY!
JUST DONT CHANGE THE PASSWORD COZ EVERYBODY ALSO USING IT . Enjoyyyy.
h t t p://rapidshare.com/files/203145031/Rapidshare_Premium_Accounts_-_Latest_Issue.zip
I checked the zip. There’s a lot of Spanish and English in some text files as word docs in both old and new formats as well as plain text files. There’s also an MP3 file. In my sandbox they checked as clean!! I haven’t gone any deeper into testing the passwords as Rapidshare, while being good in principle, is actually theft and deception in practice.
The spammer’s email checks out in a few on-line mobile phone sales on a Malaysian website. It’s firstname.lastname@example.org but it’s probably spoofed. With so much secrecy and nefarious activity on the web, who’s to say?
I don’t see it as a benevolent gesture of a thief in a theft based culture. I see it more as a tester for a bigger plan. Maybe, send a few of these ‘tasters’ out for a bit before the true malevolence is delivered? Maybe the dodgy content is in the particular RapidShare accounts that have been compromised or deliberately set up with this purpose in mind?