Welcome, Guest. Please login or register.
Saturday, May 25th, 2013, 3:04am
Home Help Calendar Search Register Login

Forum Login
Username: Create a new Account
Password:     Forgot Password

 Board Index    Spam    The Latest Offenders  ›  Google Groups Abuse - the new gorgon
Users Browsing Forum
MSN Bot and 0 Guests

 Pages: 1
Recommend Print
  Author    Google Groups Abuse - the new gorgon  (currently 4,420 views)
MarkGiles
Posted on: Friday, January 30th, 2009, 8:10pm Report to Moderator
All-Star


Posts: 363
Over the last week in January 2009, Google Groups has come under a concerted attack from spammers.
February will see whether the monolithic Google Corporation is nimble enough to grapple with its gorgon.

Using free services to set up redirections to the usual illegal pharmacies and fake watch scams is nothing new. It is a spammer tactic that is well documented and understood. These days, the combination of honeypots (or spamtraps) and the rapid development of spam source and spam URL blocklists have become a potent force in filtering the spam, that is reaching epidemic proportions.

Spammers create a few hundred of these "straw men" sites, that redirect to the site that they want to keep out of the URL blocklists. So in their spam, they will use one of these hundreds of straw men sites, which they expect to have a life cycle of only a few hours. By rotating through hundreds of such straw men sites, the actual target web site never gets exposed in the spam, and evades the blocklists.

In the past week, the spammers have hit on Google Groups as an easy target for their abuse.

Let's work through one example out of the thousand live sites out there. First, the spammer creates a Google Group called

http://aanatoli04124sb.googlegroups.com
If you go there, you find nothing. But then he adds a link in that group to a particular web site

http://aanatoli04124sb.googleg.....kXU5InE09W2o0GCSVgCQ

Click on that, and you will end up at a Prestige Replicas scam site, exposed at http://spamtrackers.eu/wiki/index.php/Prestige_Replicas

To attempt to hide the actual site, it is contained within a frame, so it does not show in the address bar. The actual frame is at http://dicemall.com/
That's the one that they are trying to protect from blocklists.

McAfee has some site advisories on this piece of work at htp://siteadvisor.com/sites/dicemall.com

There is more information about this whole operation, together with several hundred examples of spammed googlegroops.com URLs, at http://spamtrackers.eu/wiki/index.php/Hosters

All that Google needs to do, is to write a never ending program to scan through all of its Google Groups, matching on a pattern of behaviour, and killing each group that matches.

Existing sites that list the abuses are at the above Spam Trackers Wiki, and at the URIBL blocklistsite:
http://rss.uribl.com/hosters/googlegroups_com.html
That site currently lists 98.44% - 1008 of 1024 active subdomains listed in last 5 days on googlegroups.com..  
That tells you that 98.44% of new Google Groups created in the last 5 days are for this scam, and are in breach of Google's Terms of Service.

Personally, I do not believe that Google is in the business of sponsoring crime. I believe that they will notice the problem, and act quickly to resolve it.

If they don't, the egg is all over their face.
Logged Offline
Private Message
MarkGiles
Posted on: Sunday, June 14th, 2009, 1:01am Report to Moderator
All-Star


Posts: 363
It is now June, and still Google seems to be too inept to combat the abuses of its free services. McAfee SiteAdvisor reviews spell it out, as in these samples from thousands of similar reviews

http://siteadvisor.com/sites/simmonsvexace1988.googlegroups.com
http://siteadvisor.com/sites/petersonwawihe1983.googlegroups.com
http://siteadvisor.com/sites/jonesvumewo1977.googlegroups.com
http://siteadvisor.com/sites/sanchezzepyxe1982.googlegroups.com


Quoted Text
Canadian Pharmacy, the worst pharmacy fraud on the Internet today, is a redirection target from Google Groups abuse. The size of the abuse can be seen from the spam trap honeypot report at http://rss.uribl.com/hosters/googlegroups_com.html where we find 93.11% - 2297 of 2467 active subdomains listed in last 5 days on googlegroups.com.

You can find how these work by taking the googlegroups site name and appending /web/index5.html eg
http://martinezgocixa1984.googlegroups.com/web/index5.html
You can expect to see something like:
..    Found
..
..  Please click the following link to continue.
..
..    /web/index5.html?gda=-tt7uT4AAADQWyHJ2MnBqzVxnkQ2TW4zzUUP6J9PDJSbNFXcf0U1y07SxctPdWbMD_zd-_UpXtjjsKXVs-X7bdXZc5buSfmx
That will give you the link to click to see the redirection.  OK, got that, Google?

Canadian Pharmacy criminal evidence:
1. http://www.spamhaus.org/statistics/spammers.lasso #1 Most Wanted - "tens-of-millions of spams per day"
2. http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy

The free googlegroups service is so totally abused that it would be a public service if Google shut it down.
Logged Offline
Private Message Reply: 1 - 6
MarkGiles
Posted on: Tuesday, June 16th, 2009, 7:35pm Report to Moderator
All-Star


Posts: 363
Example of a redirection exploiting googlegroups
http://simmonsvexace1988.googl.....JqVGQjjUuLbTNV6JYuUT
which redirects to
http://www.ultraviagra.com/
Canadian Pharmacy again, courtesy of Google's googlegroups abuse

The current abuse rate is
96.23% - 2295 of 2385 active subdomains listed in last 5 days on googlegroups.com.

Reference: http://siteadvisor.com/sites/bryantqyfuky1986.googlegroups.com
Logged Offline
Private Message Reply: 2 - 6
MarkGiles
Posted on: Tuesday, June 16th, 2009, 7:44pm Report to Moderator
All-Star


Posts: 363
Google has taken action, too little, too late, too ineffective
.
Google has gone public with a confession that it is knowingly supporting crime:
http://groups.google.com/support/bin/answer.py?hl=en&answer=141369
Now they pop up a warning message, saying that you have the option to view a spammed site. But Google, this is NOT A SPAMMED SITE. It is an ILLEGAL pharmacy fraud run by the Internet's #1 most wanted criminal organization, the one that pollutes the Internet with its Canadian Pharmacy spams for a web site that is clearly illegal.

Sponsorship of crime is abominable. That a company like Google can indulge in it is reprehensible, and places Google on the same level as the criminals behind Canadian Pharmacy. Go hide your heads in shame.
Logged Offline
Private Message Reply: 3 - 6
MarkGiles
Posted on: Sunday, June 21st, 2009, 10:50pm Report to Moderator
All-Star


Posts: 363
More reviews of the googlegroups spam abuse and Google's apparent sponsorship of crime
from http://siteadvisor.com/sites/butlerwimuco1988.googlegroups.com
[quote]
GOOGLEGROUPS spam abuse.

See the list of abuses on googlegroups.com sites at http://rss.uribl.com/hosters/googlegroups_com.html where we can discover the abuse rate is 96.66% - 2318 of 2398 active subdomains listed in last 5 days on googlegroups.com timed at Mon, 22 Jun 2009 02:24:01 +0000

All sites contain a <meta http-equiv="refresh" content="0;url=[some malicious redirection URL here]/>
That makes an easy "fingerprint" that Google can use to REMOVE these sites, not just flag them as spammed sites.

Sampling 63 redirections, we find:

...      4 http://pharmwholesaletotal.com.cn [ http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy ]
..     16 http://storedrugsour.com.cn [ http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy ]
..     24 http://www.aigjekoo.cn/ [ http://spamtrackers.eu/wiki/index.php/Diamond_Replicas ]
..     19 http://www.ailoznso.cn/ [ http://spamtrackers.eu/wiki/index.php/Diamond_Replicas ]

Google is sponsoring access to two of the worst criminal spammed sites on the Internet today, as listed at the above links for criminal evidence and at the Spamhaus top 10 worst cyber-criminals [ http://www.spamhaus.org/statistics/spammers.lasso ] [/quuote]
Logged Offline
Private Message Reply: 4 - 6
MarkGiles
Posted on: Tuesday, June 23rd, 2009, 5:48pm Report to Moderator
All-Star


Posts: 363
Sample GOOGLEGROUPS.COM sponsored redirections to fake watch touts from June 23-24
http://andersonjiruhe1986.goog.....sKXVs-X7bdXZc5buSfmx
http://edwardsculexi1983.googl.....sKXVs-X7bdXZc5buSfmx
http://edwardskejoba1984.googl.....sKXVs-X7bdXZc5buSfmx
http://gonzalesgyculi1977.goog.....sKXVs-X7bdXZc5buSfmx
http://gonzalezxivywi1982.goog.....sKXVs-X7bdXZc5buSfmx
http://turnerlimeqy1978.google.....sKXVs-X7bdXZc5buSfmx
http://walkertacalo1978.google.....sKXVs-X7bdXZc5buSfmx
http://williamslyjeva1986.goog.....sKXVs-X7bdXZc5buSfmx
Logged Offline
Private Message Reply: 5 - 6
MarkGiles
Posted on: Saturday, July 18th, 2009, 5:45pm Report to Moderator
All-Star


Posts: 363
Found in McAfee SiteAvisor reviews:

Google is again sponsoring the worst cyber-criminal operaion on the Internet today - Canadian Pharmacy. It is listed at the top of the Spamhaus ROKSO most wanted list - http://www.spamhaus.org/statistics/spammers.lasso
and more incriminating evidence is at the spamtrackers web site, http://spamtrackers.eu/wiki

What a disgrace to find that Google is a sponsor of these criminals at http://groups.google.com/group/newsgr
Logged Offline
Private Message Reply: 6 - 6
 Pages: 1
Recommend Print

Locked Board Board Index    The Latest Offenders  [ previous | next ] Switch to:

Thread Rating
There is currently no rating for this thread
 
Forum Rules
You may not post new threads
You may not post new threads
You may not post polls
You may not post attachments
 HTML is off
Blah Code is on
Smilies are on

Powered by E-Blah Platinum 9 © 2001-2005