Saturday, March 20, 2010

fooled by spam

march has really not been my month. first i find out that not only have i finally had my very first malware incident but that it had also been present for nearly a year, and then i get fooled into approving a comment that is in actuality spam.

cdman83 has a writeup on the spam campaign, and gunter ollmann got the final word from sophos that it really was someone loosely associated with them (an employee of a company they hired) who was responsible and who they intend to take to task over the fiasco.

perhaps i'm losing my touch in my old age and becoming too trusting, too willing to give the benefit of the doubt. then again, if i'd had the multiple comments that gunter ollmann had i would have had a far less ambiguous dataset from which to draw conclusions from. i guess i shouldn't feel too bad about being fooled, after all i was only fooled into approving a relatively benign comment - sophos was fooled into hiring the company in question in the first place and giving them money.

2 comments:

Anonymous said...

One thing I've noticed about spam in my own blog is how not-obvious they're becoming. Sure, html links, addresses, and broken english are easy to spot as are advertising names and gibberish. But there are way too many that try to just say, "Hey nice site!"

Every now and then, I really have to read the entire thing completely before deleting it. And other times, I've read them thinking, "Wow, I remember a few years ago when I legitimately would post a comment on a blog just to say thanks for the nice post, and now that content is spam!"

-LonerVamp

kurt wismer said...

@lonervamp:
i've been seeing the same thing here. it's compounded by the fact that blogger doesn't give you all the relevant information about a comment prior to accepting it - there have been some really ambiguous comments that i had to publish and then read in order to discover that url in their name/url pair points to some *.info site.