[nsp-sec] Profilespam - likely proxies.

Peter Moody pmoody at google.com
Mon Oct 12 12:40:40 EDT 2009


ack gmailz.

On Sat, Oct 10, 2009 at 1:38 AM, Scott A. McIntyre <scott at xs4all.net> wrote:
> ----------- nsp-security Confidential --------
>
>
> Hi,
>
> A friend of mine is an administrator of www.myexperiment.org where they've recently been hit pretty hard by folks creating fake profiles which contain links to other sites -- presumably some sort of an attempt to increase search result hits.  The sites referred to didn't seem to have any "obvious" signs of malware, but I only looked at a handful.  Some were even at Amazon or Youtube, which was a bit odd.
>
> The following list of ASNs had systems which were used to create these bogus profiles.  In some cases these are probably running some proxying malware, in other cases, it may be humans.  The destination site is running a captcha system but, predictably, that isn't providing much protection.
>
> The attachment "asn.txt" to this mail has the specific IPs for these systems.
>
> The second attachment, "user_list.txt" contains the URLs which were being inserted into the bogus profiles, as well as the email addresses used as part of the signup verification process.  Lots of Yahoo and Gmail accounts - so maybe of interest to our representatives from those places.
>
> I realise these are drops in the ocean when it comes to this type of provider-service abuse, but there may be something in the data here which someone recognises as part of a larger pattern, specific malware, whatever.  The times in the asn.txt are UTC+0100, by the way.
>
> Happy hunting,
>
> Scott A. McIntyre
> XS4ALL Internet B.V.



-- 
Peter Moody      Google    1.650.253.7306
Network Security Engineer  pgp:0xC3410038


