Rapidshare WordPress Comment Spam

I got an unusual (for me) comment spam this morning at 01:58 from a Kuala Lumpur spammer.  His modus operandi is to trawl WordPress blogs looking for the word “RapidShare” and then dump a deliberately malformed warez-type URL to a zip file promising unlimited super-fast Rapidshare accounts that have been compromised.

I had such a posting quite a while ago here, view-of-local-network-from-rapidshare-a-black-hole, so I’ll be letting the comment through because it’s got no active backlinks and such like.

RapidShare

It’s a file sharing website where users can share files of their own creation or where there isn’t a valid copyright. In the real world, of course, I guess about 99% of it is cracked software and copyright video and music. Some of it is my own and others under the Crawling Chaos moniker.  Bizarrely, you can actually pay a premium if you want better downloads of the ‘free’ stuff in the “premium” service.  But that’s the point, isn’t it?  😉

Comment Spammer

And this is where the spammer comes in. The comment and malformed URL is this;

Hey guy's! Check it out.HURRY!
JUST DONT CHANGE THE PASSWORD COZ EVERYBODY ALSO USING IT . Enjoyyyy.

h t t p://rapidshare.com/files/203145031/Rapidshare_Premium_Accounts_-_Latest_Issue.zip

Content

I checked the zip.  There’s a lot of Spanish and English in some text files as word docs in both old and new formats as well as plain text files.  There’s also an MP3 file.  In my sandbox they checked as clean!!  I haven’t gone any deeper into testing the passwords as Rapidshare, while being good in principle, is actually theft and deception in practice.

The spammer’s email checks out in a few on-line mobile phone sales on a Malaysian website. It’s kofxi123@gmail.com but it’s probably spoofed.  With so much secrecy and nefarious activity on the web, who’s to say?

I don’t see it as a benevolent gesture of a thief in a theft based culture.  I see it more as a tester for a bigger plan.  Maybe, send a few of these ‘tasters’ out for a bit before the true malevolence is delivered?  Maybe the dodgy content is in the particular RapidShare accounts that have been compromised or deliberately set up with this purpose in mind?

You’ve been warned!

Comments

8 responses to “Rapidshare WordPress Comment Spam”

  1. avi-to-mp4-converter avatar
    avi-to-mp4-converter

    really?

    view-of-local-network-from-rapidshare-a-black-hole?

    It sounds good!

    1. Strangely avatar

      Should've read the other bit then…?

  2. the dude avatar
    the dude

    rapidpond.com and filespond.com are pretty good. check those out.

    1. Strangely avatar

      I've let this spam through as an example of how spammers and file-sharers target posts about spam and file-sharing! Needless to say, I've de-linked the URLs!

  3. Jaun Millalonco avatar
    Jaun Millalonco

    Just wanted to say great job with the blog, today is my first visit here and I've enjoyed reading your posts so far 🙂
    Juan

    1. Strangely avatar

      Is Jaun Millalonco code for "socially engineering a backdoor into WordPress blogs by pretending to be a happy user in the hope that I'll get registered and can thus make a later posting full of active content" – or not?

      Try this Google search on the name string: https://www.google.co.uk/search?q=%22Jaun+Millalon

      Then try a few links and see what I mean?… For example:
      https://www.digitalbattle.com/2009/04/09/wheelman-https://www.sliceofscifi.com/2006/09/28/jackson-puhttp://battlingforhealth.com/2006/06/spanish-singhttp://dearauthor.com/wordpress/2006/10/18/the-sphttp://lirneasia.net/2007/02/the-next-billion-is-

      It's definately automated shit but there are no back-links or anything. Just enough for a poor blogger to let a comment through.

      Of course, anyone new to the game might promote someone to a higher role or have the defaults set too weak anyway. My guess is that the visitor will be back with a more effective payload to drop on the website – maybe some porn links or even, if they're lucky, they may get to leave proper attachments with active content.
      They may, of course, be back with some backlinks to increase their visibility to search…?

      Anyway, I deemed the naff comment – worthy of a comment of my own. Make of that what you will.

  4. Mark avatar
    Mark

    Thanks for sharing this.Very useful components

  5. Strangely avatar

    At the last count today, doing a Google search on the string “/Rapidshare_Premium_Accounts_-_Latest_Issue.zip” produces nine hits on those blogs that have let it past for one reason or another…

    The ‘commenter’ is variously listed as:
    guest
    steve2
    steve
    qwerty

    Interestingly, follow a link or two and there’s a whole world of intrigue out there on RapidShare including various ways to ‘make money’ as they call it! There is information on scraping passwords and using up bandwidth for this ‘free’ ‘service’ pushing mainly cracked digital data of one format or another.

    I hope ironic usage of the concepts of ‘free’ and ‘service’ isn’t lost on folks or else it shows a perilous decline in the correct usage of language, hah, hah.
    This comment (one of many, including the weird begging ones) in the linked post even has huge lists of the cracked ‘free’ passwords etc along with expiry dates. The begging comments are the funniest part of the whole charade of twisted thought processes.

    I tell you, it’s a whole new economic order and highly similar to the way the banks and financial services have been run for the last few years – that is; on the foundations of a vacuum.

    And for yet another reason for the easy and copious spread of computer malware and viruses across the globe, add the above business model. People just get suckered into anything, like oblivious sheep.

    This Indian dude seems to have even re-discovered pyramid selling in this post! He calls it a ‘program’ with instructions about how his chain letter system works. Unfortunately for him, people seem to have seen past it, but not the comment spammers. His post is full of them so follow the rar files at your peril. It should be caveat emptor, but no-one seems to buy anything.

Leave a Reply to Strangely Cancel reply

Copyright ©1976

All Rights Reserved by Strangely Perfect

Occasional Tweets here @crawlingchaosuk