Comment spam is one of those nuisances that career bloggers see a lot of: at least, we would if we didn’t use filters to control most of it before it gets to us. In general, these either overtly advertize something which has nothing whatsoever to do with the blog topic, or say something that add nothing to the topic but include a link that is selling something or giving away something you really wouldn’t want. Of course, we don’t approve them.
Once or twice recently, I’ve seen comments that not only have nothing to do with the topic, but appear to recommend other security products. We don’t think our employers would be very pleased if we allowed those through, even if they were legitimate. Some are clearly not legitimate, and we’re certainly not going to allow those through either.
Today I saw something a little different: comment spams to 14 of our blogs, all extolling the virtues of an anti-spyware product. The spam appears to come from someone called Christine, though her email address suggests that her name is David Miller. This is irrelevant, of course: it turns out that other bloggers, including some security bloggers, are seeing the same messages but with different ostensible senders such as Cheryl or Beatrice.
It seems to use a variety of boilerplate text, but it always includes a recommendation for a company called Orbasoft, so Jeff and I have been checking it out. The company claims to be a legitimate security company based in Denmark. However, it uses Domains by Proxy so there’s no useful whois information. Certainly this mode of marketing invites deep suspicion, though we can’t say at the moment whether Orbasoft’s antispyware product is legitimate. We can’t even say whether they’re the source of the spam. If you come across the same spam on other sites, though, we suggest that you don’t take anything on trust.
David Harley CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, ESET