More Trojan/Zombie/Botnet WordPress Spam Blogs

The zombie/trojan spam blogs are at it again tonight. I just caught another 5k stories published to Tailrank because of this recent blog spam torrent.

There is clearly some unknown vulnerability that he must be exploiting. I’ve only done sample based auditing of about 20% of the links and they’re nearly 100% WordPress blogs ranging from versions 1.5-2.x.

What’s the most efficient way to alert 2-300 WordPress bloggers that they’ve been owned?

I could write an automated script to post a comment to their most recent blog entry. Of course I wouldn’t be able to get through the captcha barrier. I could create a dedicated blog post linking to every single blog and hope they check with Technorati or Google Blog Search for their mentions.

That might actually be a good idea. I think I might do that tomorrow. It would be nice to re-enable these blogs at some point.

This is a good reason to subscribe to Spinn3r btw. If you need a crawler it doesn’t make a lot of sense to have your Engineering staff constantly chase down spam. Let us do it for you.


  1. Hey Kevin,
    I’ve been seeing this ebb and flow for weeks in Technorati’s data, I posted about it here http://technorati.com/weblog/2008/02/423.html — it seemingly started within a few days following the WP 2.3.3 release, I think that release announcement was as much a tip to spammers as it was a service to bloggers. I have personally emailed dozens of bloggers individually over the last few weeks and talked to a bunch of bloggers I know individually spread the word but you’re spot on: that doesn’t scale for shit, this problem is too big — a total DoS on my time. What I’d like to see in the big picture are WP , MT and all CMS’ support auto-update (sounds like good Summer of Code projects).

    I’m not sure what else Technorati can do to help mitigate this issue, ping me if you want to chat about it.
    -Ian

  2. Hi Kevin,

    I’m not sure if it’s related, but I noticed today that my WordPress 2.1.x instance was attacked with something called 3rbsmag. Details and the code it tried to install on my machine are up on my blog: http://seanbyrnes.com/blog/?p=476

    Sean

  3. Dan

    As long as captcha is the only defence line against zombies, we will keep on seing spam and other annoying activity in the blog space.






%d bloggers like this: