The "Splogsplosion" Attacks the Blogosphere
The term splog was coined about a year ago; however, splogging has been occurring since about 2003. Splogs (sometimes referred to as Blam!) exploit search engines to lead users to fraudulent Web sites.
It works like this:
1) The splog is normally created on a free, popular site, such as Blogspot.com. The splog is designed to look like a valid posting, often using text from legitimate blogs.
2) The splogger posts the splog multiple times to high-traffic sites, so as to increase its page rank. The higher the page rank, the greater the likelihood is that the splog's URL will appear closer to the top of the user's search results.
3) A user's search pulls up what appears to be the desired site.
4) The user clicks on the splog-generated URL, which sends the user to the fraudulent site.
Like spam, the splogger's fraudulent site could be pornographic or be advertising some product. I've not heard of splog associated with phishing; however, it seems to be a natural fit. The splog posting, rather than a spam message, initiates the chain of events that leads the user to an identity-grabbing, fraudulent site.
An innocent blogger's post can be plagiarized in a splog.
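A blogger who suspects a post has been lifted into a splog can measure the overlap directly. The sketch below is an added example, not code from this post or from any of the anti-splog projects it mentions; it scores how many of an original post's five-word shingles reappear in a candidate page, and the post text, URLs and threshold are constructed for illustration.

```python
import re

def shingles(text, k=5):
    """Set of k-word shingles, ignoring case and punctuation."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def containment(original, candidate, k=5):
    """Fraction of the original's shingles found in the candidate.

    Containment (not Jaccard) is used so that a copy padded with
    unrelated text still scores high against the original.
    """
    a, b = shingles(original, k), shingles(candidate, k)
    return len(a & b) / len(a) if a else 0.0

def flag_copies(original, pages, threshold=0.4, k=5):
    """Return [(url, score)] for pages at or above threshold, highest first."""
    scored = [(url, round(containment(original, body, k), 2))
              for url, body in pages.items()]
    return sorted([p for p in scored if p[1] >= threshold],
                  key=lambda p: -p[1])

# Constructed sample data: one legitimate post and three candidate pages.
ORIGINAL = ("Our team spent the weekend hardening the mail gateway and here "
            "is what we learned about greylisting and sender reputation "
            "along the way")
PAGES = {
    # Full copy wrapped in unrelated promotional text.
    "http://splog.example/post1": "Cheap pills best deals! " + ORIGINAL +
                                  ". Click here for discounts",
    # Partial copy of the second half of the post.
    "http://splog.example/post2": "Here is what we learned about greylisting "
                                  "and sender reputation along the way, plus "
                                  "casino bonus links",
    # Independent post on the same topic: shared vocabulary, no shared phrasing.
    "http://blog.example/review": "I read a good write-up on greylisting and "
                                  "sender reputation this week and tried it "
                                  "on our own mail gateway",
}

if __name__ == "__main__":
    for url, score in flag_copies(ORIGINAL, PAGES):
        print(f"{score:.2f}  {url}")
```

Pages that merely discuss the same subject share vocabulary but not five-word runs, so they score near zero.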
Anti-splog efforts are going through a maturation cycle similar to that of anti-spam. For example, SplogReporter uses community reporting.
Microsoft Research is developing an anti-splog approach called Strider Search Defender, which uses search to find the splogger's fraudulent URLs. (Do read the Strider Search Defender page. It has an excellent description of how splog works, along with graphics, screen shots and references to other anti-splog initiatives.)
By spam standards, splog attacks are in an embryonic stage. Nevertheless, organizations whose Web sites are targeted by phishers should follow the activities of the anti-splog community. As always, you, the consumer, need to continue using common sense about providing personal information over the Internet.
Next up: VoIP spam. SoIP?