yesterday on a blog i help maintain, we came across a spam post that traversed our filtering:

-----
name: lin | e-mail: lindy_rucker@hotmail.com | uri: http://www.xanga.com/lindy_15 | ip: 209.106.208.131

hey hoe alot of my friends get hit on all the time
-----
^^^ “hit on” is a bit of a giveaway, but this post was about getting infected with something, so it is not clear-cut.

going to that page (at xanga, warning sign), it seems like yet another page created by a kid, and that this is real.

the message may or may not be real, i am just not sure how a 15-year-old girl who can only write about her boyfriend in a repeated one-liner gets on a low-level security site... and comments? why would she even care?

is this site maybe auto-generated to help get by the spam filters? some other ideas?
anything malicious there anyone notices?
is this… legit?!

neither i nor my friends can find anything malicious there. further, looking at her blog and some other sites we can relate to her, she seems to have been around for a while. that’s a plus point for legit.

i’ll let you decide if that site has anything malicious on it, but no. this is spam, and the web page (blog) is auto-created (or manually) to give it credibility.
the two most likely scenarios are that this is either a proof of concept to use blog systems as infection seeding grounds, or to train filters to let spam through. at least these would be my best 2 educated guesses.

another educated yet paranoid guess is that someone is pinging us (casing the store for a sting), seeing how sensitive our sensors and filtering systems are.

there is an option i’d call careful: can this be more than just a well-orchestrated ping, namely that the site was created for that specific purpose that long ago (2004)? [hat tip to spam huntress]

i can always be wrong and this is real or a joe job, but for some reason i doubt it. even if the site is real the post is not.
blogs are quick & dirty sites to create and easily fill with content. this is a bit scary.

feel free to enlighten me… i’d love more opinions as this is all just, indeed, only my opinion, especially if yours proves mine wrong! :)

my most recent previous posts on the subject:
blog attacks
comment spam: new trends, failing counter-measures and why it’s a big deal
comment spam: drive-by sites, domains and spyware – analysis, samples and facts

matthew murphy’s post on xanga:
xanga worm

gadi evron,
ge@beyondsecurity.com.