[LINK] Spam via Blog Insecurity and Google Alerts?

Roger Clarke Roger.Clarke at xamax.com.au
Mon Oct 16 15:38:33 AEST 2006 

Here's an odd one.

I have a couple of Google Alerts set, including one on 'Australia Card'.

I received a notification this afternoon whose body read:

    <ORDER XANAX, 2 mg xanax, cheap xanax online>
    Digital Divide Network - Newton,MA,USA
    ... New &quotMore drugged order xanax free xanax, cod delivery, portal
    IndymediaOrder TWiki TWiki xanax effects, order xanax , order xanax
    australia card to find ...

Probably not what I was after, I said to myself;  but let's check it out.

The headers (copy below) say the alert-message came from 
wr-out-0708.google.com, which does indeed resolve to 
64.233.184.<241-250>, and an appropriate reverse-DNS entry is in 
place.

The text inside the angled brackets <ORDER XANAX ...> was a hotlink to:
http://www.digitaldivide.net/blog/orderxanax/view?PostID=18557

That URL comes up with a custom-built 'Not Found' page.

A site-search on the keyword <Australia Card> finds no hits.

But there's an ad on the 'Not Found' page.
When clicked on, it resolved to:
http://www.canadianfamilypharmacy.com/cfp/?aff=2025&service=yes-581-ok&action=xanax

[There's a rarity - I clicked-through on a web-ad!!]

Do we have a new form of indirect spamming scam?  (Or is it old and 
I'm a dubbo for not twigging to it before?).

_________________________________________________________________________

Return-Path: <googlealerts-noreply at google.com>
X-Spam-Checker-Version: SpamAssassin 3.1.4 (2006-07-26) on arnold.apex.net.au
X-Spam-Level:
X-Spam-Status: No, score=-3.9 required=6.0 tests=AWL,BAYES_00,
	DNS_FROM_RFC_ABUSE,DRUGS_ANXIETY,HTML_50_60,HTML_MESSAGE,
	MIME_HTML_ONLY,SPF_PASS autolearn=no version=3.1.4
X-Original-To: Roger.Clarke at xamax.com.au
Delivered-To: rclarke at apex.net.au
Received: from wr-out-0708.google.com (wr-out-0708.google.com [64.233.184.247])
	by mail.apex.net.au (Postfix) with ESMTP id 493CE3802BC
	for <Roger.Clarke at xamax.com.au>; Mon, 16 Oct 2006 14:26:47 +1000 (EST)
Received: by wr-out-0708.google.com with SMTP id c3so1287532wra
         for <Roger.Clarke at xamax.com.au>; Sun, 15 Oct 2006 21:26:44 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
         s=beta; d=google.com;
 
h=received:message-id:date:from:to:subject:mime-version:content-type:content-language;
 
b=rbIYSoLPNxip4K9BiUPcmVoa/2rvVjety/ypEdQS9SKQ5b2z+J4C1Aw/AQOfRPOo4COlKTikDXW/8FJojARLrQ==
Received: by 10.70.57.8 with SMTP id f8mr452282wxa;
         Sun, 15 Oct 2006 21:26:44 -0700 (PDT)
Message-ID: <1160972802.22696714d40d7011.42b4ab1b at persist.google.com>
Date: Sun, 15 Oct 2006 21:26:42 -0700 (PDT)
From: Google Alerts <googlealerts-noreply at google.com>
To: Roger.Clarke at xamax.com.au
Subject: Google Alert - "Australia Card"
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Language: en

<x-html><!x-stuff-for-pete base="" src="" id="0" 
charset="UTF-8"><html><head></head><body><div style="font-family: 
sans-serif">
<p><font size=+1>Google News Alert for: <b>"Australia 
Card"</b></font></p>
<p style="width:600px">
<a style="color: blue" 
href="http://www.digitaldivide.net/blog/orderxanax/view?PostID=18557">
ORDER XANAX, 2 mg xanax, cheap xanax online</a><br>
<font size=-1><font color=#666666>Digital Divide Network - 
Newton,MA,USA</font><br>
<b>...</b> New &quotMore drugged order xanax free xanax, cod delivery,
portal IndymediaOrder TWiki TWiki xanax effects, order xanax , order xanax
<b>australia card</b> to find <b>...</b><br>
</font></p><p><hr noshade size=1><font size=-1>
 This once a day Google Alert is brought to you by Google.
</font><p><font size=-1> <nobr>
<a 
href="http://www.google.com/alerts/remove?s=EAAAAPiwAofJDy2nL_dz_WpOsrI&hl=en">Remove</a> 
this alert.
  </nobr> <br><a href="http://www.google.com/alerts?hl=en">Create</a> 
another alert.
<br><a href="http://www.google.com/alerts/manage?hl=en">Manage</a> your alerts.
</font></p></div></body></html>
</x-html>


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list