[conspire] Web spam and yandex forms

Rick Moen rick at linuxmafia.com
Mon Dec 13 16:47:39 PST 2021


Quoting Akkana Peck (akkana at shallowsky.com):

> But I'm puzzled about another thing they were doing: in addition
> to creating accounts where the username was spam text, which I
> now understand thanks to Ivan and Rick, they were also creating
> accounts with random 10-character usernames like "zhxqbslrmu"
> and a real email address. So the owner of the email address
> would get a confirmation email from a service they've never
> heard of, with a 10-character random username, and hopefully
> would just ignore it. But what good does that do a spammer?

Possibly, the real e-mail address is one that either the spammer created, 
or that the spammer security-compromised.  _Or_ a different explanation
applies:  The comment bot didn't even "understand" that it was reaching
an account signup form, and is just smart enough to find HTTP GET or PUT
forms on the Web and burble spam into them. 

Back when the perhoo_new.csv contributed-content files in my
Linuxmafia.com Knowledgebase were being overwhelmed, day in and day out,
with comment sludge, I got the very clear impression the bots involved
were in no way _aimed_ at the PerlHoo CGI; my link-submission form was
being inundated with utterly inane spamvertising just because every HTTP
form reachable from public networks was (and doubtless still is).

> I get spam like that from quite a few places that have let bots create
> accounts with my email address without verifying it.  I've never
> understood the point: how does it benefit whoever's running the bot?

Spamvertising very commonly uses citations of real e-mail addresses with
bogus realname fields for a variety of reasons including trying to get
past whitelisting -- I think?  Also the reverse happens in spamvertising
and malware mails, citing real people's realnames with a bogus e-mail
address.

I have no doubt that low-probability-of-success gambits get thrown in
all the time, too, because, don't forget, spammers are throwing around
stolen machine resources (CPU, RAM, bandwidth, storage...), so they have
no incentive to use them wisely.  And it's all heavily automated, so
human time monitoring them isn't much of a factor, either.





