Dangerous Comment Spam – Deadly Links

image For many Bloggers, particularly technology Bloggers, comments are an important part of the mix. Amongst other things, comments can spark discussion (always a good thing), allow a reader to present his/her point of view, share tech wisdom, or spread the word on a unique piece of software.

But, Blog comments are not without their share of issues; with comment Spam, in my view, being the leading problem. Spam is virtually everywhere on the Internet. In your inbox, on Twitter and Facebook and other social networks, and so it’s not surprising that you’ll find Spam Blog comments.

Let me throw some numbers at you. In the roughly two years I have been writing this Blog, there have been 61,560 comments of which 55,957 have been Spam. In other words only 5,603 have been legitimate comments or, barely 1 in 10.

WordPress, on which this Blog is hosted, has a Spam plug-in filter, Akismet, which does a reasonable job of catching comment spam. Akismet automatically analyzes comments and flags for review, those it considers Spam. This is not as effective as it once was, since it’s now much harder to distinguish Spam comments from legitimate comments.

image

Since it takes time and effort to manually cull comments so that they are  relevant and Spam free, there are Bloggers who are fairly complacent and who rely only on a Spam filter to do this job. In doing so, they miss the reality: Spam filters can often miss comment spam, some of which is highly dangerous.

While comment Spam is a pain for the Blogger, a reader who follows a link in a malicious Blog comment, which leads to a malware site, is in for a very painful experience.

Here’s a case in point – just this past week (and not for the first time), a site which is renown as a site that specializes in malicious content, left a comment which was not filtered by Akismet. This comment included a link, to a free application, which supposedly was superior to the free application I recommended in the article.

Spam Comment

The comment itself looks harmless – but you pay me to be careful – right?

If I’d allowed this comment to be posted (and I’ve seen this comment published many times, on many other sites), a reader who followed the link would have become infected simply by visiting the site.

Don’t think that this is an unusual set of circumstances – it’s not. On an average day, 10 or more comments (thankfully picked up by Akismet), contain malicious or dangerous links.

Some advice:

Be cautious when following links contained in comments on any web site – not just Blogs.

Be particularly cautious of comments, on any web site, where the writer is describing a problem with recommended software and offers a link to alternative software.  This is a favorite technique employed by cyber-criminals. All software reviewed on this site, for example, has been thoroughly tested for usability. If a reader has a problem with recommended software, it’s generally a machine specific problem.

Be cautious when following any link contained in any web site, since the latest reports indicate there are 5.8 million individual web pages infected across 640,000 compromised websites. Cyber-criminals are finding it easier than ever to inject malicious content into legitimate sites.

Since the majority of infected sites are infected with Java based scripts, consider using Firefox with the NoScript add-on active. NoScript offers superior protection.

Install an Internet Browser add-on that provides protection against questionable or unsafe websites. My personal favorite is Web of Trust, an Internet Explorer/FireFox add-on, that offers substantial protection against questionable or unsafe websites.

If you enjoyed this article, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

2 Comments

Filed under Anti-Malware Tools, Don't Get Scammed, Don't Get Hacked, downloads, Firefox, Firefox Add-ons, Freeware, Internet Safety, internet scams, Malware Advisories, Software, Windows Tips and Tools

2 responses to “Dangerous Comment Spam – Deadly Links

  1. “Comment Spam”? The world has gone crazy. I installed NoScript ages ago, but I turned it off as it was a major nuisance in preventing web sites from working correctly. The decider was when it interrupted a financial transaction so that I wasn’t sure whether or not it had completed.

    I use WOT, though I’m not happy with the ratings supplied and have ignored them on quite frequent occasions as I knew the red-rated links were actually fine. I find McAfee Site Advisor much more user-friendly, though it has some nasty hooks into my system.

    Just my ha’peth (translation: 2 cents) Bill. Thanks for an enlightening post on yet another feeding ground for Spammers. I don’t know how non-geeks survive on the Internet at all.

    • Bill Mullins

      Hey Dave,

      The heart of the matter is your comment “I don’t know how non-geeks survive on the Internet at all”. The answer is – they don’t, which is why the cybercrime spree will continue unabated. An intolerable reality; but a reality nevertheless.

      All we can do, as best we can, is continue our attempt to educate the unwary.

      Bill