Monday, October 15, 2007

The AFF Splog Farm #3

The Blogosphere currently has a real problem - active hacking, and obnoxious unwanted commercial "adult" content, is in 1 out of every 3 blogs being published. Do some "Next Blog" surfing, and see what I mean.

I wrote, originally, about this problem a little over a month ago. I published an update last Friday, indicating that the problem isn't going away, and Blogger hasn't done anything to solve it.

Yesterday, the problem changed direction.

This is what we had a month ago (and last week). That's a dead web site.

http://aff-friend-finderwvghpcb.blogspot.com/

Note the blog name, in the URL.
aff-friend-finderwvghpcb
aff-friend-finder <== Name
wvghpcb <== Suffix


Possibly to make their blog setup faster or more scalable, the sploggers stopped using dictionary words in the blog names.

Here's a (slightly altered) entry taken from the Recently Updated Blogs list, during the morning of 10/15/2007. That's not the actual URL, as I do not link to sites serving malware or spam. If you really want to see some, just go surfing for 5 or 10 minutes. This example should tell you what to look for.

http://049768cqslzid.blogspot.com/

Note the blog name, in the URL, now.
049768cqslzid
049768 <== Splog Number: Always 6 digits (right now).
cqslzid <== Suffix: 6 - 12 alphabetic characters, possibly dictionary filtered.


But name change or no, it's the same crap.


This is what you'll see, if your computer is properly protected, with a layered security strategy.


They can't even spell "Blogger".



If your computer isn't properly protected, you'll probably see different content.


This is approximately what you'd see, if your computer isn't fully protected. If you didn't use Microsoft Paint, there would even be pictures in place of the white space.

I don't see this crap on my primary computer, because I use a Hosts file based site blocker. So simple - and requires very little effort to install.





And thanks to Firefox, and its pop up blocking, I don't see this either.



All of the ads in the latter two pictures change constantly. What you see there is purely a vague approximation, provided to give you a hint of what the splog master is doing. Sometimes, what he's doing may make your computer the newest member of the botnet being offered, if you're not protected.

>> Top

1 comment:

Dan Kelley said...

I'm guessing that most of the traffic these splogs see comes from the "next blog" button on the nav bar.

Perhaps this is something Google should remove all together. With all the slogs with possible malware, its just plain dangerous for consumers.