Uncover the identity and identity of Yahoo pips spammers who exploit the topics of Yahoo! News

Yahoo! NewsTopicsWhen it is posted and linked, it is commonly said that "Yahoo artillery(A phenomenon that the server gets heavier or falls due to explosion of an inflowee from Yahoo!), but a trackback spammer who is exploiting this topics page, aka "Yaftopi spammerI understood that there is.

Moreover, it is not just spam, but it is a rare spammer that searches from Google etc. later to devise character strings so that you can see the influence of spam, you can see at a glance how much damage has been done.

So, I will write down below what I found out from various investigations, so please refer to those who are in trouble with similar cases.
■ Yaftopi spammer's method


First of all, this Yaftopi spammer resides on the following page and keeps on "main topics".

Yahoo! News - Topics Breaking News and Related Links
http://dailynews.yahoo.co.jp/fc/

When a new topic arrives, visit the link in the article to see if it can be tracked back. When it is found that trackback is possible, it sends a trackback spam from multiple pre-established spam transmission blogs and checks whether spam is displayed properly or not.

■ Strange features of Yaftopi spammer


Yaftopi spammer's trackback spam is very distinctive, somehow recently he seems to love Hirosue Ryoko, and I always write articles like the following.

Example 1:

divorce! The fact of impact to Hirosue Ryoko! In Tokyo 's La Bukhotel.

Example 2:

divorce! Shock facts! In Tokyo 's La Bukhotel.

Example 3:

● Divorce! The fact of impact to Hirosue Ryoko! In Tokyo 's love hotel.

Previously it seems that there is a strong tendency to create an article titles of such a system, like anywhere else with a different actress name, a video streaming, a video surveillance, or anything else.

Also, if you look closely you will find that between the "La" and "Bu" in the article title "Love Hotel"."It is always trying to create your own string by devising measures such as inserting it, and when you search on Google etc., you can immediately grasp the magnitude of the damage and when you are doing from around It is.

Search results of Google by "Tokyo Metropolitan La. Bukhotel" of Example 1 and Example 2:Approximately 13,700 cases


Search results of Google by "Example of Tokyo Love Hometel":Approximately 208,000


■ Exploring the identity of Yaftopi spammers


Analysis of the access log, etc. found that spam transmission was not done all at once from the local site, but it was done manually, and we found that we are using the trackback transmission function of each spam transmission blog. Therefore, even if you look at the access log, it is only the IP address for sending the trackback of each blog, and it was actually that you can not grasp the provider to which the Yahutopispammer who is the sender belongs.

However, after many investigations, we finally succeeded in locating the provider to which this Yaftop Spammer belongs, and since it turned out that this Yaftopi spammer used "OCN" as a provider, he gave the OCN Internet security officer a March 2008 When I got a report with evidence as evidence by email on 26th, I was identified, measures such as warnings were done.

I thought whether it stopped by this, even after 8th April 2008 spam trackback has not been stopped unexpectedly and as a result of investigation again, as a result of this investigation again, this Yaftopi spammer is using the same "OCN" as a provider Turned out. I just reported to OCN Internet Security Officer again on April 10, 2008 Japan date, various evidence logs and so on again.

By the way, if you go to the link of this spam, you will eventually get to the one-click fraud page like the one below.


In other words, the identity of this Yaftop spammer is a one-click fraudster. I have also reported this. How much earnings have you been raising during the past ... ... it is a matter of concern.