Spammers ramp up siege on Google's Blogger via bots

by Jeremy Kirk

April 25, 2008 —

Spammers are using an automated method to create bogus pages on Google's Blogger
service, again highlighting the diminishing effectiveness of a security
system intended to stop mass account registrations, according to security vendor
Websense.

The spammers are sending coded instructions to PCs in their botnets, or networks
of computers that have been infected with malicious software, wrote Sumeet Prasad,
a threat analyst, on Websense's
blog.

Those sophisticated instructions tell PCs how to register a free account on
Blogger. The spammers also figured out a way to solve the CAPTCHA (Completely
Automated Public Turing test to Tell Computers and Humans Apart), the warped
text that has to be deciphered in order to complete an account registration.

The compromised PC sends a request to an external host that tries to solve
the CAPTCHA and then sends the answer back to the PC. Websense estimates the
process has an 8 to 13 percent success rate.

It's unknown how exactly the CAPTCHA gets solved. It's been theorized the process
has been outsourced to real humans who get paid for every one deciphered. But
researchers have successfully developed methods that enable computers to increase
their success rate at solving the puzzles, indicating that hackers have also
figured out how to do it.

Security vendors and researchers have seen a rapid rise in accounts used for
spam on free e-mail services from Microsoft, Yahoo and Google, indicating current
CAPTCHA technology has reached the end its usefulness.

In this case, the Blogger pages created by the spammers are then used to promote
the usual line of spammer goods. But many of those sites are rigged with JavaScript
that redirects the browser to another spammy Web site.

"Spammers include these redirecting accounts in different spam campaigns
rather than including their actual spam domains," Prasad wrote. "Spammers
use this tactic to defeat a range of antispam services."

In effect, they're using Google's Blogger domain as a shield, as it's unlikely
to be blocked by other security software products for being a suspicious domain.

One option for Google would be to prohibit those redirects, said Dan Hubbard,
vice president of security research for Websense. But every additional security
restriction has the potential to drive away users who may use the function for
a legitimate purpose, he said.

For so-called Web 2.0 sites that depend on high numbers of users, that could
create a backlash, causing users to leave, Hubbard said. The redirection feature
could also be tied into the way how advertising is delivered to the blog pages.

Google could also figure out a better way to spot blogs that are being created
through automated bots, since many of those pages have tell-tale signs indicating
machines created them rather than people, Hubbard said. Those detection mechanisms
are still developing, however.

"There's not a lot of people and a lot of technology that does good content
input validation on Web properties, and that's something that we're looking
into," Hubbard said. "Link spam and blog spam is happening a ton,
and obviously that's pretty painful for Web properties."

The latest methods means a potential increase in the number of garbage pages
on Blogger. But the sheer number of Blogger sites on the whole helps the spammy
ones stay under the radar a bit longer, Prasad wrote.

Google has been fighting spam for a long time on Blogger. It uses automated
spam classifying algorithms to keep blogs full of spam links out of its featured
content. Users can also use a reporting tool to alert Google to spam blogs,
but the fight continues.

IDG News Service