Monday, March 17, 2008

Phishing traps via blog post comments - a newer variant

The other day I allowed a comment a bit like this one to be added to one of my blogs:
Hello. This post is likeable, and your blog is very interesting, congratulations :-). I will add in my blogroll =). If possible gives a last there on my blog, it is about the Smartphone, I hope you enjoy. The address is
The spelling and grammar were a bit better, but the form was similar (I removed part of the URL). I checked the site prior to approving the post and it seemed superficially legitimate.

Today I received two more pending comments, each with slightly different wording and different web topics.

Clearly, I got fooled. I shouldn't have allowed the first comment of this class. I'll have to hunt it down and delete it.

My guess is all the sites referenced in these comments are either compromised legitimate sites or they are trap sites. Maybe all they need is for someone reviewing the posts, like me, to check if the site is legitimate. The recent "breaking" of Google's CAPTCHA technology may be a part of the operation.

I just hope I used a Mac for my original site check, and not my XP machine! XP boxes are so vulnerable they really shouldn't be allowed on the web.

I'll be extra careful going forward.

Update 3/11/2010: I loved this comment I received today ...
So, you approved one of the comments and received a few similar ones? What's bad about that? You don't have to approve the other ones if you don't want to. I don't see any trap here.
The author's name was linked. It didn't resolve to a person; it resolved to a spam blog (splog) article. It wasn't a direct phishing attack comment, but it was of the same genre of comment spam. In this case the desire is to increase pointers to a fraudulent web site, to do "search engine optimization".

Why do I love this example of comment spam? Because it's a fraudulent comment complaining that I'm dissing fraudulent comments. That's kind of funny.


Clara the Lady Wolf said...

Yes, it pays to be careful. I hadn't been moderating comments on my blog until a couple of days ago, when an anonymous person put a website URL (and nothing else) as a comment on my post relating to our need to demand safe foods, the perils of Chinese imports, etc. I deleted the comment so that no reader would land on a malware-laden site. I then decided moderating is necessary.
