A small number of the Internet's most prolific comment spammers generate the lion's share of comment spam, which can sit for long periods waiting to compromise visitors' computers, an Imperva analysis has warned.
The security firm's Anatomy of Comment Spam analysis explored comment spam from both the attacker's and victim's perspectives over the course of two weeks. Data was collected on attacks against over 60 different online applications, with analysis showing that 17 percent of comment spammers were responsible for the majority of comment spam.
Comment spam usually relies on automated agents to register and post spam – usually commercial and often malware-laden – in public and private forums. Decisions about which forums to target are often made based on lists of vulnerable sites – those that allow public commenting and automatically approve comments – that can be purchased online for prices that Imperva said typically sit around $US40 for 13,000 URLs.
Sites that were successfully attacked tended to be targeted with increasing intensity, with 58 percent of comment spammers active for long periods of time and 80 percent of comment-spam traffic generated by just 28 percent of attackers.
“Most of the comment spam traffic originated from attackers who have been active for long periods, and attacked multiple targets,” the researchers concluded, noting that 72 percent of attackers were active for only a single day and only attacked a single target.
Recognising that many sites are slow to respond to comment spam, Imperva's analysis concluded that the figures confirm the importance of constant vigilance over services offering user comments. Use of IP-reputation tools can help block comment spammers early in their campaigns, while identifying spammers early on and blocking their requests can prevent most of their malicious activity.
High levels of vigilance are crucial because spammers are actively developing countermeasures to thwart efforts to stop their activities. For example, 'Spintax' messages can be generated to promote particular keywords and are used in article-spinning campaigns to avoid blocking by comment checkers that block multiple postings of the same message.
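The following is an added example, not code from Imperva's report or from any tool named in this article. It shows why a checker that blocks only identical messages misses spun variants, and how a near-duplicate check still groups them, using word-shingle overlap (Jaccard similarity) as a substituted technique. The sample comments, function names and the 0.3 threshold are all constructed assumptions.

```python
import hashlib
import re

# Constructed sample data (not from the Imperva report): three spun variants
# of one spam template, then one unrelated genuine comment.
COMMENTS = [
    "Great post! I found this article very helpful, visit cheap-pills.example for more.",
    "Nice post! I found this write-up really helpful, visit cheap-pills.example for more.",
    "Great article! I found this post very useful, visit cheap-pills.example for more.",
    "Does the two-week sample include forums that require login before commenting?",
]

def tokens(text):
    """Lowercase the text and split it into alphanumeric words."""
    return re.findall(r"[a-z0-9]+", text.lower())

def exact_duplicates(comments):
    """Duplicate check by hash of normalized text: returns (first, repeat) index pairs."""
    seen, dups = {}, []
    for i, c in enumerate(comments):
        fp = hashlib.sha256(" ".join(tokens(c)).encode()).hexdigest()
        if fp in seen:
            dups.append((seen[fp], i))
        else:
            seen[fp] = i
    return dups

def shingles(text, k=2):
    """Set of overlapping k-word sequences in the text."""
    t = tokens(text)
    return {tuple(t[i:i + k]) for i in range(len(t) - k + 1)}

def jaccard(a, b):
    """Share of shingles two comments have in common (0.0 to 1.0)."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

def near_duplicates(comments, threshold=0.3):
    """Index pairs whose shingle overlap meets the threshold (assumed tuning value)."""
    sets = [shingles(c) for c in comments]
    return [(i, j) for i in range(len(sets)) for j in range(i + 1, len(sets))
            if jaccard(sets[i], sets[j]) >= threshold]

if __name__ == "__main__":
    print("exact duplicates:", exact_duplicates(COMMENTS))
    print("near duplicates: ", near_duplicates(COMMENTS))
```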
Imperva encourages companies aiming to reduce their exposure to comment spam to look into a range of defensive tactics including content inspection (using tools like Akismet), source reputation checks (through the likes of www.projecthoneypots.org and www.stopforumspam.com), use of the HTML 'rel="nofollow"' attribute on links to disempower search engine optimisation (SEO) efforts, and CAPTCHA or other methods that require human comprehension and intervention to successfully post a comment.
This article is brought to you by Enex TestLab, content directors for CSO Australia.