blogspot_spam.html
 

I have a domain where ~90% of the spam contains a link to blogspot.com, and each spam has a
unique blog.

Here are samples which I received and reported (per abuse.net) to
abuse@blogger.com on 3/15. None of the blogs have been nuked, with one
possible exception, which doesn't really count.

http://lorenacostellok560.blogspot.com/
<meta content='0;URL=http://cloyswen.com' http-equiv='refresh'/>

http://cemcgpogkp85.blogspot.com/
<meta content='0;URL=http://littleterm.com' http-equiv='refresh'/>

http://spkcodmoda28.blogspot.com/
<meta content='0;URL=http://littleterm.com' http-equiv='refresh'/>

http://kuxpfbfrk75.blogspot.com/
<meta content='0;URL=http://littleterm.com' http-equiv='refresh'/>

http://srcqacpgs72.blogspot.com/
<meta content='0;URL=http://littleterm.com' http-equiv='refresh'/>

http://sherryclowdusqn198.blogspot.com/
<meta content='0;URL=http://cloyswen.com' http-equiv='refresh'/>

http://xuxchhgcdg66.blogspot.com/
<meta content='0;URL=http://littleterm.com' http-equiv='refresh'/>

http://cxgpxkhr65.blogspot.com/
Now this one is interesting. When I load the page I sometimes see a
message saying "This blog is in violation of Blogger's Terms of Service
and is open to authors only"
But then it _still_ redirects to the spammer's site, which
happens to be http://littleterm.com.

So, 4 days after receiving abuse reports google's termination rate is
(at best)1/8, their nuke page doesn't work, and when they do attempt to
suspend a blog, they're not suspending other blogs which have the same
redirect. It brings back memories of the angelfire/geocities of ten
years ago.

Today's blogspot spam is redirecting to sudesitio.com, which is sitting
on the same IP (216.94.112.39) as littleterm.com. Spamhaus has it
identified as Leo Kuvayev / BadCow.
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63810

(they also have 119.18.198.202 (cloyswen.com)SBLed as a "Spammer
controlled block")

MCI Communications Services, Inc. d/b/a Verizon Business UUNETCA6-A
(NET-216-94-0-0-1)
                                  216.94.0.0 - 216.95.255.255
Cable VDN Inc. CVDN-UUBLK3A (NET-216-94-112-0-1)
                                  216.94.112.0 - 216.94.112.255
Vison Globale VDN-VISIONGLOBALE (NET-216-94-112-32-1)
                                  216.94.112.32 - 216.94.112.47

OrgName:    Vison Globale
OrgID:      VISONG
Address:    80, rue Queen, suie 201
City:       Montreal
StateProv:  QC
PostalCode: H3C 2M5
Country:    CA

NetRange:   216.94.112.32 - 216.94.112.47
CIDR:       216.94.112.32/28
NetName:    VDN-VISIONGLOBALE
NetHandle:  NET-216-94-112-32-1
Parent:     NET-216-94-112-0-1
NetType:    Reassigned
Comment:
RegDate:    2002-02-16
Updated:    2002-02-16

RTechHandle: MC1782-ARIN
RTechName:   Chouinard, Michel
RTechPhone:  +1-514-879-0020
RTechEmail:  info@visionglobale.ca

OrgTechHandle: MC1782-ARIN
OrgTechName:   Chouinard, Michel
OrgTechPhone:  +1-514-879-0020
OrgTechEmail:  info@visionglobale.ca

Home