An ugly spam attempt

April 3, 2006

Every so often I take a look at what user agents are visiting WanderingThoughts. Tonight it turned up a doozy; a single visit with a User-Agent of:

<script>window.open('<URL>')</script>

Presumably the intended attack vector was sites that summarize user agent traffic onto a web page without escaping the text; that would make this user-agent string into live JavaScript that would force any visitor's browser to go there.
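As an added illustration of the failure described above (not code from the original post or from this site's software), the Python sketch below builds a user-agent summary table from constructed log lines, once with the text pasted in raw and once passed through `html.escape`, and flags User-Agent values that contain markup. The function names, the regular expressions and the log lines are assumptions made for the example.

```python
import html
import re
from collections import Counter

# Constructed sample lines in combined log format. The addresses are
# documentation addresses; the second User-Agent is the string quoted in
# the post, with its URL left as the placeholder.
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Apr/2006:02:10:11 -0400] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"',
    '192.0.2.77 - - [03/Apr/2006:02:14:52 -0400] "GET /blog/ HTTP/1.1" 200 5120 "-" "<script>window.open(\'<URL>\')</script>"',
    '192.0.2.10 - - [03/Apr/2006:02:15:03 -0400] "GET /blog/x HTTP/1.1" 200 812 "-" "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"',
]

# The last quoted field of a combined-format line is the User-Agent.
UA_RE = re.compile(r'"((?:[^"\\]|\\.)*)"\s*$')
# Assumed heuristic: a real browser User-Agent has no reason to carry markup.
MARKUP_RE = re.compile(r'[<>]|javascript:', re.IGNORECASE)


def user_agents(lines):
    """Count requests per User-Agent string."""
    counts = Counter()
    for line in lines:
        match = UA_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def render_unsafe(counts):
    """The mistake: client-supplied text pasted into the page as-is."""
    rows = "".join(f"<tr><td>{ua}</td><td>{n}</td></tr>"
                   for ua, n in counts.most_common())
    return f"<table>{rows}</table>"


def render_safe(counts):
    """Same table, with every log-derived value HTML-escaped on output."""
    rows = "".join(f"<tr><td>{html.escape(ua)}</td><td>{n}</td></tr>"
                   for ua, n in counts.most_common())
    return f"<table>{rows}</table>"


def suspicious(counts):
    """User-Agent values worth a second look before anything displays them."""
    return [ua for ua in counts if MARKUP_RE.search(ua)]


if __name__ == "__main__":
    agents = user_agents(SAMPLE_LOG)
    print(render_safe(agents))
    print(suspicious(agents))
```

The same escaping applies to every other client-controlled log field a statistics page displays, such as the referrer and the requested path.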

The attack is also noteworthy for how brazen it is. The URL in the request is for 'buy4cheap.brinkster.net/buy2/side-search.htm', and the request itself came from 65.182.100.121, aka 'orf-premium12a.brinkster.com'. Most spammers are far less willing to clearly sign their work like that.

(I vacillated between calling this 'clever' or 'ugly'; I am going with 'ugly' because I don't like the implications of what these people are doing, and attempting to inject JavaScript is not a sign of angels.)

Written on 03 April 2006.

Last modified: Mon Apr 3 03:36:39 2006