Franklin (tacit) wrote,
  • Mood: amazed - in the worst way

Polyamory and crime on the Internet

Note: Followups to this entry at http://tacit.livejournal.com/238112.html (part 1) and http://tacit.livejournal.com/240750.html (part 2)

UPDATED 13-December-07 10:50 EST Updates indicated in text
UPDATED2 14-December-07 1:05 PM EST Updates indicated in text
UPDATED3 14-December-07 2:00 PM EST Updates indicated in text
UPDATED4 02-January-08 2:44 PM EST Updates indicated in text

So I recently decided, like many folks do, to Google my name. I do this periodically, because it's always fun to see how many sites are linking to me (and I'm in the process of building a list of non-English mirrors of my polyamory site -- it's been translated into Polish, Hebrew, German, and a bunch of other languages, which is cool).

And in the process, I think I've discovered what might be one of the largest-scale cases of Web site hacking and virus distribution I've ever heard of.

A little background is in order. If you've used Google for any length of time, you probably know that when you Google popular keywords you'll often run into "spam pages." These are pages that are just stuffed full of keywords at random; in the Google search results, they will have titles like "tribadism fight scenes, free tribadism porn video Britney Spears, make money fast terrorism Iran big cock" and have excerpts that look like "she shoved it in and bridal hosiery wedding cake viagra fetish smurf Bible amateur transvestite video free vacation europe nymphomaniac ipod". These are spam pages; they are filled with hundreds of keywords, and if you click on them, you will be redirected to the spammer's site. They exist just to intercept popular Google searches and direct traffic wherever the spammers want it.

They are also popular with virus writers. Virus writers will create thousands of fake Web pages filled with popular keywords, then use those Web pages to redirect visitors to servers that will attempt to automatically download viruses onto the computer of anyone running Windows who's unwary enough to click on them.

Okay, so.

Yesterday, I did a keyword search for my name. Normally, I get about nine pages of results; but yesterday, I got 56 pages of results, over 200 in all.

Most of these pages look like this:

The polyamory news franklin veaux mitt was rigid enough to prevent me from either closing them too hard or opening polyfamilies polyamory for the practical them too far. She raised my left hand and fastened it in a similar polyamory weekly podcast manner, into a similar latex mitten.society for human sexuality polyamory info "I just wondered. You were standing there with a dazed polyamory open wedding vows look on your face playing with that cucumber and I thought something might world polyamory association presentations and workshops franklin veaux. Once inside, he polyamory san diego quickly stripped off his apron and polyamory cape coral unfastened his belt and pants. It was nearly as big as Mark's, and open relationships polyamory that pleased her. Quickly unbuttoning her blouse to reveal her tits. page personal poly polyamory web He gently squeezed them, making her moan deep in her throat.





UPDATED3: I've looked at some of the random text on these pages, and it's not really random at all--it's a short porn story with random keywords seeded throughout it. It contains a number of statistically improbable phrases. One of these is "Ashley had always wanted to go there"--doing a Google search for that exact phrase results in 13,800 hits--nearly every single one of which is a spam redirector.




You get the idea. "Oh, well, this is interesting," thought I, "polyamory, and my name, have become popular enough Google web searches that the spammers are including them in spam pages now."

I clicked on some of these result links, curious to see who the spammer was and what site he was trying to direct traffic to.

And that's when things started to get weird. What I found was a very large, highly organized campaign to direct Web traffic to servers hosted in Eastern Europe that would infect visitors with a computer virus, all orchestrated by a single person or group of people and all being done by what appears to be a massive breach of hundreds and hundreds of hacked Web sites, all hosted by the same ISP--the largest single Web site security breach I've heard of.

If you want to keep going down the rabbit hole: Follow me! Things are about to get very technical here.
Tags: computer security, computer viruses

3200asa

December 13 2007, 05:45:26 UTC 6 years ago

I know some people inside iPowerweb and I'll pass this along to them. I suspect they already know though.

As of 12:45am EST
wget --referer=http://www.google.com http://mdhardyinc.com/rclrn/har/ad/5/polyamory.html still works and redirects to the payload site.
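
Added example, not part of the original post or comment: a check a site owner can run against their own pages to see whether the response changes when the request carries a search-engine Referer, as the wget command above does. The local handler, the `payload.invalid` address and all function names are constructed for the demonstration, and the idea that the redirect depends on the Referer header is an assumption drawn from the command's `--referer` flag.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

SEARCH_REFERER = "http://www.google.com"  # same value as the wget command above

class ConstructedCloakedPage(BaseHTTPRequestHandler):
    """Constructed local test fixture: answers search visitors differently."""
    def do_GET(self):
        if "google." in self.headers.get("Referer", ""):
            self.send_response(302)
            self.send_header("Location", "http://payload.invalid/")  # placeholder
            self.end_headers()
        else:
            body = b"<html>ordinary page</html>"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
    def log_message(self, *args):  # keep the demo quiet
        pass

def fetch(host, port, path, referer=None):
    """GET without following redirects; return (status, Location, body)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("GET", path, headers={"Referer": referer} if referer else {})
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"), resp.read())
    conn.close()
    return result

def referer_cloaking(host, port, path):
    """Return a finding if the response depends on the Referer, else None."""
    direct = fetch(host, port, path)
    via_search = fetch(host, port, path, SEARCH_REFERER)
    if direct == via_search:
        return None
    return {"path": path, "direct_status": direct[0],
            "search_status": via_search[0], "search_location": via_search[1]}

def demo():
    """Run the check against the constructed fixture on a free local port."""
    server = HTTPServer(("127.0.0.1", 0), ConstructedCloakedPage)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return referer_cloaking("127.0.0.1", server.server_port, "/polyamory.html")
    finally:
        server.shutdown()
        server.server_close()
```

A page whose content legitimately changes between two requests will also be flagged, so a finding is a prompt to inspect the page and server configuration, not proof of compromise.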
