Sunday, November 02, 2008

hooked by vanity: spam: be careful!

A google vanity blog and news alert for "pig sty avenue" - which has been set up for several months, has twice hooked me this weekend. In the alert that's emailed you see the ref to the search term amongst the text it's been published with.

It was quite intriguing, written in lower case with punctuation errors, there's a reference to someone called "stevie" who borrows a tenner from pig sty avenue... Which naturally had me clicking on the link, and there you are on a page selling anti-virus software, with dialog boxes popping up threatening dire extremities if you don't download their software. It appears to be doing a scan of your hard drive.

You can't close it, and need to ctr-alt-del and launch the task manager to close Firefox. Almost the same thing happened yesterday, but it must have been a different link I clicked on then, I can't remember, and I got out of it without needing to close Firefox.

I copied link location on the google alert and it came up with this (head and tailed it to prevent it being a live link): zoloft-and.etre.osa.pl/sty-on-the-eye-egg, where the head is http:// and the tail .html.

I suspect that it uses some kind of bot to assemble random words (including names) and phrases which will occasionally come up with real names and text strings which will occassionally make sense, putting the vain google alertist under the impression that s/he's involved in some kind of blogged-about event, enticing their click into an aggressive and invasive selling environment.

Clever, eh?

I don't know if it's left any malware behind, and I'm doing a scan now.