Justin du Coeur (jducoeur) wrote,

*Sigh*. I should have expected this...

Occasionally I'm reminded that the Internet is still basically the wild west.

I went to go make some tweaks to ProWiki this morning, and discovered that it had been vandalized. I had thought this unlikely because it was an inconspicuous target, and there wouldn't be much value to the trolls in screwing it up. What hadn't occurred to me was that it wasn't vandalized by the trolls, but by the spammers.

It's fascinating stuff, actually. My initial assumption had been that it was a PageRank scheme -- they were dumping large numbers of commercial links onto my site in order to drive up the Google PageRank of those sites. (All of the links, and there are hundreds of them, are for Russian sites, generally URLs designed as come-ons for specific products.)

But digging into it, there may be something more complex going on here. It appears that most of these sites actually resolve to pages on a site called "SearchMeUp", which is apparently trying to compete with Yahoo's indexes -- most links go to a page listing a bunch of apparently-innocuous sites. But they are all indirected through a raw IP address and a long encrypted key, which is a tad suspicious. It *could* be exactly what it appears to be, but it's very typical of phishing scams.

Digging a little further, it looks like SearchMeUp is a true blackhat site. They're apparently best known for spreading a recent computer virus that infects your computer and changes your homepage to their site, which then downloads *more* malware to your machine. They are apparently leveraging security flaws in IE, which let them infect your computer if you so much as go to their site. Do *NOT* visit SearchMeUp, even briefly, if you're using IE. Nasty scumbags.

Anyway, for the moment I don't think I have much choice but to lock down ProWiki. Fortunately, they were doing mass-market Wiki destruction (it looks like they've been slamming a lot of Wikis), so they only hit a few of the top pages -- about 90% of my content is okay. It's going to take a while to rebuild the dead stuff, though (they modified the pages so many times the changelogs lost the originals), and I'll have to decide whether it's worth my time to maintain a proper blacklist for the hundreds of zombie sites these guys have wandering around causing destruction. In the meantime, if anyone wants edit access to the system, tell me and I'll give you a password...
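As an added example (not part of the original post, and not ProWiki's own code), here is a small edit filter that turns the observations above into checks a wiki could run before saving a page: flag edits that add an unusual number of external links, links whose host is a raw IP address, links carrying a long opaque token in the path or query, and links to hosts on a blacklist. The blacklist entry and the sample edits are constructed for illustration; the threshold of ten new links is an assumed value.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Matches http/https URLs up to whitespace or common wiki/markup delimiters.
URL_RE = re.compile(r'https?://[^\s<>"\')\]]+', re.IGNORECASE)

# Constructed blacklist for the example; a real deployment would load this
# from a file and update it as new spam hosts show up in the edit log.
BLACKLIST = {"spamhost.example"}

# Assumed threshold: more than this many new external links in one edit is
# treated as link-dumping rather than a normal contribution.
MAX_NEW_LINKS = 10

# A long run of URL-safe characters in the path or query, the "long key"
# pattern seen in the redirector links described in the post.
OPAQUE_TOKEN_RE = re.compile(r'[A-Za-z0-9_\-]{24,}')


def extract_urls(text):
    """Return all URLs found in a page body, in order of appearance."""
    return URL_RE.findall(text)


def is_raw_ip(host):
    """True if the URL host is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def suspicious_reasons(url):
    """Return a list of reasons a single URL looks like redirector spam."""
    reasons = []
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in BLACKLIST or any(host.endswith("." + b) for b in BLACKLIST):
        reasons.append("blacklisted host")
    if is_raw_ip(host):
        reasons.append("raw IP host")
    tail = parsed.path + ("?" + parsed.query if parsed.query else "")
    if OPAQUE_TOKEN_RE.search(tail):
        reasons.append("long opaque token")
    return reasons


def classify_edit(old_text, new_text):
    """Compare the stored page with the submitted one and decide accept/reject.

    Only links that were not already on the page count as "new", so an edit
    that merely rewords a paragraph next to an existing link is not penalised.
    """
    existing = set(extract_urls(old_text))
    new_links = [u for u in extract_urls(new_text) if u not in existing]
    reasons = []
    if len(new_links) > MAX_NEW_LINKS:
        reasons.append(f"{len(new_links)} new external links")
    for url in new_links:
        for reason in suspicious_reasons(url):
            reasons.append(f"{reason}: {url}")
    verdict = "reject" if reasons else "accept"
    return verdict, reasons


if __name__ == "__main__":
    # Constructed sample edits, not real wiki content.
    stored = "ProWiki home. See http://example.org/wiki for the manual."
    good_edit = stored + " Also see http://example.org/faq for common questions."
    spam_edit = stored + " buy now http://203.0.113.5/go/aB3dE9fGhIjKlMnOpQrStUvWxYz01"
    for name, body in (("good", good_edit), ("spam", spam_edit)):
        verdict, why = classify_edit(stored, body)
        print(name, verdict, why)
```

The token check will also trip on legitimately long path segments (a CamelCase page name of 24+ characters, for instance), so in practice it is better used to raise the score of a link that already has another strike, such as a raw-IP host, than as a standalone reject rule. The "new links only" comparison also means the filter needs the previously saved revision, which is exactly the history that repeated spam edits can push out of a size-limited changelog; keeping an unbounded revision history, or at least the last known-good copy, is what makes recovery possible.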

