Strip CAPTCHA Spam

TROJ_CAPTCHAR.A screenshot

Whatever useful stuff the good guys come up with, the bad guys ain’t far behind. A few months back I wrote about researchers at Carnegie Mellon coming up with a way to use CAPTCHA tools to help decipher words in text by the Internet Archive. The basic idea is that the effort to prevent spammers and others automating their intrusion into websites (signing up for stuff, comment spam etc) should not be wasted.

Now a sleazeball has found a way to do the same thing: get folk to decipher CAPTCHA texts through a small program, delivered by Trojan, that offers striptease in exchange for guessing the texts correctly (Trend Micro, via Seth Godin):

A nifty little program which Trend Micro detects as TROJ_CAPTCHAR.A disguises itself as a strip-tease game, wherein a scantily-clad “Melissa” agrees to take off a little bit of her clothing. However, for her to strut her stuff, users must identify the letters hidden within a CAPTCHA. Input the letters correctly, press “go” and “Melissa” reveals more of herself.

However, the “answers” are then sent to a remote server, where a malicious user eagerly awaits them. The “strip-tease” game is actually a ploy by ingenious malware authors to identify and match ambiguous CAPTCHA images from legitimate sites, using the unsuspecting user as the decoder of the said image.

As Trend Micro points out, the CAPTCHAs in this case are from the Yahoo! Web site, suggesting that a spammer is building up Yahoo! accounts.

CAPTCHA Wish Your Girlfriend Was Hot Like Me? – TrendLabs | Malware Blog – by Trend Micro


The Anger of the Blogger Spammed

There’s something just so lame about comment spam dressed up as a legitimate comment that it gets me angrier than I do with ordinary spam, blog or otherwise, for some reason. (Comment spam/blogspam/linkspam is when individuals automate posting of comments on blogs to build traffic and Google rankings by having links to their sites on other sites. Some comment spam is just gibberish, but would still boost Google rankings because of the links contained somewhere in the comment, while others pretend to be legitimate comments.)

I think it’s because I’m as much a sucker as the next guy for anyone saying anything nice about me or my blog, and the anger of realising I’ve just been spammed by some dork who wants to promote their website on your real estate is of a deep, visceral kind.

This I just got on a posting about the weirdness of online auctions in Singapore:

Excellent Blog. Very informative. And very well organized.

Online Auctions are really looking up with more and more people interested in buying and selling product online.

Keep it up. We need more such blogs which provide quality information.

No sign in there the writer has actually read the blog. Clearly just a blast at all blogs mentioning the word ‘auction’. In the name and URL field of the comment the sender gives his name and his website. I would publish both here but it would just drive traffic, and I’m guessing if the guy is already stooping to comment spam he’s not going to be shamable. Still, if you were to block all comments from 202.65.144.5 you might be doing yourself a favor. And let’s just say the spammer in question is quite prominent in Indian circles as “an Internet Entrepreneur, Online Biz Consultant, Hypnosis & NLP “Guru” and a Prolific writer.” Prolific as in prolific spammer?

Bottom line: Please don’t comment spam me. All comments have to be approved first so you’re just wasting my time and yours, not the reader’s. And shouldn’t we be treating comment spammers like ordinary spammers, and making all efforts to shame them and inform their ISPs?


HP Blogger Deletes Another Customer Comment

A few days ago I wrote about HP’s censoring, and then uncensoring, of a comment to its blog. The removal of the comment caused a furore and led to the HP blogger, David Gee, apologising and acknowledging the good learning experience:

This was a good learning experience for us and we strive to maintain honest and open communication with our customers. If we are going to use blogging as a legitimate connection between us and our customers, we need to choose either to be in all the way or out. We choose to be in. We want to hear from you.

Kudos to them, but I couldn’t help noticing they’ve done it again. As I pointed out in the previous post, another customer had posted an even more outspoken comment, as follows:

I think you are a bastard if you delete posts like that. We have freedom of speech in this country and if you dont like it, THAN MOVE!

Wanna know what I think of HP??? I think HP is the worst computer company ever to exist! They lie. I got lied to 5 times over the phone during a series of technical support calls.They told me that if they sent the fixed product to me and it wasnt “really fixed”, that they would issue a refund. But you know what they did? They replaced (and deleted all of my data) the hard drive!! The problem was the internal WIFI card that I did not want to spend $50 buying a new one!

This Country is a democracy, and if you dont like it, than move!

-Casey S Posted by AngryHPCustomer#9999999991 on May 8, 2005 1:09:49 AM PDT

When I wrote the earlier post on Monday, Asian time, that post was still there. Two days on, I’ve looked hard, but I can no longer find it. Seven hours after AngryHPCustomer Casey S posted his comment, David Gee posted this:

Thanks for all the feedback and commentary here, in Slashdot and by Dan Gillmor. There’s a lot of constructive opinion which I for one greatly appreciate, and we’ll try and keep the spam and defamatory entries sidelined so we can focus on the discussion at hand.

I’m guessing Gee judged Casey S’ comments to be defamatory rather than spam. But are they? Well he does call David Gee a bastard, but he does make it conditional on him deleting posts such as the one the post is discussing. So I’m not sure how defamatory that is. Casey S’ post does contain some spelling errors, but it also contains what appears to be some legitimate feedback on HP’s customer service, albeit expressed in insufficient detail for HP to pursue directly.

But there’s a bigger point here. David Gee admitted messing up on the first deletion. That’s good. This second one is more tricky. But blogging, and taking comments, is not just about constructive opinion expressed politely. ‘Honest and open communication’ means just that. It means allowing all sorts to express their views, however poorly they may do so. Offensive comments that have no bearing whatsoever on the subject should be removed; offensive comments that do have some bearing on the discussion should either have their offensive wording removed (offensive being the comments about David Gee’s illegitimacy, not the assessment of HP as ‘the worst company ever to exist’), or the post removed and an explanation as to why put in its place. To do neither, and just remove without ceremony or explanation the post on a topic entitled ‘Taking It On The Chin’, ends up distorting the comment record and making a mistake little different to removing the earlier comment.

To parse David Gee’s subsequent comment more deeply: Lumping ‘spam and defamatory entries’ together is somewhat disingenuous, since it appears to put CaseyS’ comments in the same bucket as comment spam. Which it clearly is not. The word ‘sidelined’ to me sounds like a euphemism for ‘deleted’ or ‘erased’, since I can no longer find any record of CaseyS’ post. To talk about doing this to ‘focus on the discussion at hand’ sounds to me like steering a debate in the direction one wants, which is not what comments on blogs are about. Lastly, I’d suggest that CaseyS’ comments, though distasteful to some and not as coherent or directly relevant as others on the page, do refer to the ‘discussion at hand’, namely censoring blogs. Indeed, by removing the comment, David Gee has made CaseyS’ comments directly relevant to the ‘discussion at hand’.

In short, blog censorship is a tricky business and I’d urge HP not to indulge in it unless it really has to. Removing comment spam and comments that are clearly unrelated to the topic in hand is a no-brainer; they are no use to readers of the blog. But anything else is censorship, however disagreeable it may be to read. Casey S, however badly expressed his comments were, had a point. He is a customer, apparently, with a complaint. He should be heard, and his complaint should be investigated. He should not be erased without an explanation. HP — and other big companies embracing this new medium — have only just begun their learning experience.

(I’m going to send a note to David Gee and ask for his comments, which I’ll post here later.)