This morning I noticed 4 update announcements to the CLUG wiki, which seem to be non-human.
We have 4 new pages with one-word content, created by two separate users, "t785t" and "t717t".

  User: t785t  Page: WikiUserNew         Content: "c296t"
  User: t785t  Page: OldMarkup           Content: "c296t"
  User: t717t  Page: AddComment          Content: "c9t"
  User: t717t  Page: new linking scheme  Content: "c9t"

Judging by the format of the usernames and content, it's reasonably obvious that these changes represent a seeding attack on the wiki, probably with the intention of seeing what our googleability is (and therefore setting our value for future spam runs). There's nothing interesting to be gained by looking at the source IP addresses :-)

I've deleted all these pages. The policy of the Wiki is to allow anonymous edits, and to allow any users to be arbitrarily referenced, and no further changes are expected. In the past I have locked edit access to some phpwiki-default pages, which has stopped generic spam runs.

Thought you might be interested to see the current state of the art in spam :-)

For more background information, see Peter Gutmann's recent paper on The Commercial Malware Industry :-

"Malware has come a long way since it consisted mostly of small-scale (if prolific) nuisances perpetrated by script kiddies. Today, it's increasingly being created by professional programmers and managed by international criminal organisations. The Commercial Malware Industry looks at the methods and technology employed by the professional malware industry, which is turning out "product" that matches (and in some cases even exceeds) the sophistication of standard commercial software, but with far more sinister applications."

http://www.cs.auckland.ac.nz/~pgut001/pubs/malware_biz.pdf

Also consider :-

http://www.cs.auckland.ac.nz/~pgut001/pubs/blended.pdf
The Convergence of Internet Security Threats

http://www.cs.auckland.ac.nz/~pgut001/pubs/phishing.pdf
Phishing Tips and Techniques: Tackle, Rigging, and How and When to Phish

-jim
