Recently in Spam Category

This is a rather interesting little tool. People have been making Youtube video rating tools (and spam commenters) for a while now, but with varying degrees of success.

This one combines the two, and also attempts to randomise the Bot comments to some degree, meaning Youtube may well miss a chunk of the fake ratings / messages attached to each video.

Shall we take a look?

This is the rating / comment bot in question, taking the form of an application wrapped around IE:

Youtube Comment Bot, originally uploaded by Paperghost.

In an attempt to win a game of "miss the Bot", the program preloads 50 accounts and numerous comments, and divides the accounts across five "wave" buttons, each containing 10 Youtube accounts. When a user runs the program, the following file is dropped into the Win32 Folder:


It doesn't appear to do anything harmful to the target PC - it simply acts as the source for the account logins and comments.

Anyway, depending on which wave you select, a randomly selected account from each group of ten tries to login to Youtube and rate / comment on a video of your choosing. Some of the accounts have already been flagged by Youtube, so they're not doing quite as well as they'd hoped:

Account Disabled, originally uploaded by Paperghost.

It's easy enough to find some of their success stories, however.

Here's one:

Youtube Comment Bot Spam, originally uploaded by Paperghost.

Here's another, it's Banhammer time:


As you might have guessed, this program has been in circulation on numerous hacking forums for a couple of weeks now and in general, the comments are being posted to videos promoting fake programs that are actually infection files.

Not that you should ever take notice of Youtube comments anyway, of course...

Targeted Spam Ahoy

| | Comments (0)
Click to Enlarge

We're currently seeing a lot of reasonably clever targeted spam, which claims to be from the admins of your mailing service, customer / technical support etc with a rather convincing "we've updated your settings, click here to apply" blurb below it. Quite a few people at FaceTime had one (or more!) drop into their mailbox last night and today, and it's definitely doing the rounds. None of the links I've seen so far appear to be live, but if you hover over the live link in the mail you'll see domains like

As every domain I've seen so far appears to be offline I've no idea if these are attempted phish attacks or involve malware, but you might want to let people in your office know that these things are floating around. You'd be surprised how many smart people will happily trust a mail like this and click, click, click away...

/ Update - these domains are related to the Zeus Trojan, and should be treated with caution. Thanks to Kurt Wismer for the heads up.

Spambot Fail

| | Comments (0)


Hat-tip to Kevin Church for spotting the Bot!
Remember this spamming program? It seems someone decided they really needed MORE SPAM EVERYWHERE. With that in mind, a modified version of that application now lets you send infinite spam messages to up to four people at once.

Click to Enlarge

I've heard somebody devided to go one better, and there's now a tool that spams five lucky individuals. Wonder when we'll hit double figures...

Fake Retweets aren't particularly new, but you might not have seen them before. In a nutshell, there is nothing stopping you on Twitter from placing "RT" at the start of a message then putting in whatever user you feel like after it. For example, if someone wanted to make it look like I was on a drunken insult rampage:


Of course, I never said that - and for a follower of mine to see this message, they'd have to be actively looking for "@paperghost" messages in the search feature so the chances of being horribly offended are slight. However, we can step it up a notch (with the permission of Rik Ferguson who agreed to let me use him for this next bout of fakery):


...whoops. If I'm not someone who bothers to check the authenticity of a Twitter message, then I'm now chasing Rik Ferguson with a baseball bat under the misguided notion that he's smacktalking my mother (actually, he's taller than me so I'll probably just settle for pulling angry faces at the screen).

With that in mind, I saw this pop up in my Twitter feed earlier today:

fakeghostrt1.gif you probably guessed, I didn't say that. Neither did any of these people:

Click to Enlarge

What's the idea? Well, take a look at the links in the above screenshot. The profile is designed to lure Twitter users in with fake retweets (either the person being "retweeted" themselves, or users who follow mentions of that individual and are curious what they're supposedly talking about) and then hope they click one of the many spam / promotion links.

The fake retweets are quite crude, but with a little tweaking they could perhaps make the fake retweets more controversial or include a URL link with the fake message which would probably increase the clickthrough rate.

Remember - if something looks a little odd about a message sent out on Twitter from a contact, check with them that it's the real deal first...

Sadly, no. It is, however, a rather popular bit of Youtube chain letter comment spam currently doing the rounds:


Sadly, touching your nose while saying a name isn't likely to be adopted by the World Health Organisation anytime soon...

Stop: Spammer Time

| | Comments (0)
Awful title gag aside, it seems someone is having a little fun in MSN Messenger land.

They've gone out and phished a number of accounts, then added all the people on their contact lists into one single file available to download.


Why? So you can add all 976 of them to your contact list then start spamming / harassing them.


Of course, the "MSN harassment list" has one fatal flaw - you don't HAVE to accept that random friend request that just popped up on your desktop.

So don't :)
It's yet another "login here to send all your contacts endless amounts of spam" website. This one is called

...and looks like all the other ones.

Click to Enlarge

Created on the 3rd of April 2009, there's also a curious addition to their (always changing) Terms & Conditions:

"You also understand that by temporarily accessing your msn account, CSS Management Inc. is NOT agreeing to MSN's terms of use and therefore not bound by them."

Say hello to "owOHRJ" - or as she likes to call herself, "Lauren".


Lauren is part of a very particular digital plague - those wonderful spammers on Twitter who just cant wait to tell you about their "Free laptop, LOL".

By a strange quirk of fate, I was there moments after her creation and I would be there to witness her somewhat unspectacular demise. Here is the account, roughly ten minutes after it entered our digital world:


Already, Lauren is busy following 149 people, and has picked up a solitary follower. Let's skip forward to her teenage years - roughly 20 minutes after being created:


My, Lauren has been busy! She's pulled in a few more followers, but the amount of people she's going to follow is about to explode as she races headlong into middle age, some 35 minutes after the account went live:


She's now bumped her followers to 20, and is chasing 812 people around Twitter. No doubt they've all been told about her free laptop, LOL. However, a bit of old age seems to be creeping in. We all have to slowdown sometime I guess, which would explain why...


....she's still in the 800 range with roughly 45 minutes used in the name of spamming. Unfortunately for Lauren, the knees are going, the eyesight isn't what it was and then...

Click to Enlarge

....the Great Banhammer From the Sky rains down upon her head.

However, with forty odd minutes on the clock and 800+ people now thoroughly sick of the word "laptop" I think our spamming friend has earned a trip to the next life.

With any luck, it'll be the one with all the brimstone and pitchforks...
Over the past few days, if you were to take a sample of Twitter messages, you'd see a lot of increasingly annoyed people mixed in with inane laptop spam:

Click to Enlarge

The site at the heart of this: a fairly typical "get a free laptop / phone / whatever" URL, and given the incredibly spammy nature of its promotion it seems fair game to advise avoiding it completely. Check out the fresh wave of spam messages from multiple accounts popping up on Twitter even as I'm typing out this blog entry:

Click to Enlarge

If you're wondering, the spam accounts all pretty much look like this:

Click to Enlarge

It's a little depressing that the spam profile above already has 148 people following it. Someone at Twitter needs to try and get a grip on this one before every other message sent out is FREE LAPTOP, LOL.


About this Archive

This page is a archive of recent entries in the Spam category.

Social Networking is the previous category.

Spyware Research is the next category.

Find recent content on the main index or look in the archives to find all content.