Web 2.0: Spammed Into Oblivion

Saturday, June 11th, 2011 -- by Bacchus

I’ve noticed a sharp uptick of attempted blog comment spam in the last couple of weeks … it’s long been a high-volume problem that I keep to a dull roar with electronic countermeasures, but just recently the number of attempts that get through my ice into my moderation queue has jumped from maybe a half-dozen a day to maybe a hundred. Another order-of-magnitude jump like that and I’ll have to start looking into getting better ice.

Thus was I in a receptive mood to be entertained by Franklin Veaux’s Welcome To Web 2.0 essay and flowchart this morning, in which he discusses how easily new whizbang web enterprises tend to stumble and die under the weight of bots and spam:

So it is with companies like Flavors.me and Box.net, started with equal parts naïveté and hope. I didn’t know about either company until I started getting pharmacy spam advertising URLs on their servers, and discovered with a quick Google search that they’re overrun with it.

Right now, as I type this, Box.net has about 40,000 Russian pharmacy redirectors living on its servers. I have a bit of a soft spot for Flavors.me, because I wrote them an email to let them know they have about 3,800 spam pharmacy redirectors on their site, and actually got an email back from a person who, according to her company profile, went to the same little liberal arts college I went to in Florida…but they still haven’t got a handle on the situation. I’ve been checking over the past few days, and the number of spam redirectors on their servers is, according to Google, increasing at the rate of about ten an hour, which probably means there’s a whole lot more that Google isn’t finding.

So in the efforts of public service, I’ve created this handy-dandy flowchart detailing the life cycle of a hot new Web 2.0 startup…

But what really caught my eye was his comments about would-be social-network host Ning. You remember Ning, right? I blogged about it first in 2008 when they threw all the adult social networks off their servers: Ning To Adult Social Networks: Bugger Off. And then again in 2010, when they evicted all the non-paying customers (that is to say, pretty much everybody) that were originally at the heart of their (if I may use the phrase charitably) business model: Fucked By Ning — Again.

What I did not know was that even as they were busy evicting all the people that foolishly trusted them enough to build sites on their “free” platform, they had already been pwnd by spammers. A day after that last blog post of mine, Franklin Veaux wrote this:

Recently, I found a spate of malware spam advertising URLs hosted on a Web site called nashville.net; the spam promised all sorts of free sexual delights if I would but go to such Web addresses as

www.nashville.net/profile/3nz5lxzvocvcd
and
www.nashville.net/profile/jetttoland59

and so on.

I did some poking around on Nashville.net and discovered that it has been compromised like a Senator with a gambling addiction; at the moment, it’s hosting somewhere around 4,200 phony profiles, all of which are redirectors to sites that try to download malware.

So I decided to be a good citizen and drop a line to the owner of nashville.net, and his Web host, letting him know he’d been massively breached.

That’s when things got interesting.

The Web site nashville.net is a “community site,” a small niche social networking site hosted by an outfit called Ning.

Parsing input: nashville.net
Routing details for 8.6.19.68
“whois NET-8-6-19-0-1@whois.arin.net” (Getting contact from whois.arin.net )
Found AbuseEmail in whois abuse@ning.com
8.6.19.0 – 8.6.19.255:abuse@ning.com
Using abuse net on abuse@ning.com
abuse net ning.com = postmaster@ning.com, abuse@ning.com, abuse@level3.com

Ning is a personal social networking site founded by the guy who started Netscape, Marc Andreessen. It basically lets you create your own mini MySpace or LiveJournal or whatever you like–a small social networking platform aimed at whatever niche you want. It’s had a checkered past, and has struggled to make money; three days ago, Ning announced that it would become pay only and would cancel its free services. It also fired 40% of its staff.

But that’s not the really interesting part.

The really interesting part is that it looks like all of Ning, with all the social networks and online forums it hosts, has been pwn3d from balls to bones.

A search for some of the exact words and phrases used by the virus redirectors on nashville.net, one of Ning’s social networking sites, produces 1,060,000 results…and as near as I can tell, they are all on Ning.
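The abuse-contact lookup in the quoted whois output above, as an added Python example that is not from the original post or from the tool Veaux used: it parses ARIN-style whois text into fields, confirms the queried IP actually falls inside the returned NetRange before trusting the record, and collects the abuse addresses. The sample whois text is constructed (NetName, the tech contact and the exact layout are assumed; the range and abuse address are the values quoted above), and query_whois is a plain RFC 3912 query over TCP/43 for running the same lookup live.

```python
import ipaddress
import re
import socket

# Constructed sample modelled on ARIN whois output. NetRange and the abuse
# address are the values quoted in the post; NetName, the tech contact and
# the exact layout are assumed placeholders.
SAMPLE_WHOIS = """\
NetRange:       8.6.19.0 - 8.6.19.255
CIDR:           8.6.19.0/24
NetName:        EXAMPLE-NET
OrgAbuseEmail:  abuse@ning.com
OrgTechEmail:   noc@example.invalid
"""

def query_whois(ip, server="whois.arin.net", timeout=10):
    """Plain RFC 3912 whois query over TCP/43 (needs network; not used offline)."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(f"{ip}\r\n".encode("ascii"))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (several contacts) become lists."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"^([A-Za-z]+):\s*(.*)$", line)
        if match:
            fields.setdefault(match.group(1), []).append(match.group(2).strip())
    return fields

def abuse_contact(ip, whois_text):
    """Return ((range_start, range_end), [abuse emails]) for ip, or raise ValueError."""
    fields = parse_whois(whois_text)
    if "NetRange" not in fields:
        raise ValueError("no NetRange in whois record")
    low, high = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"][0].split("-"))
    addr = ipaddress.ip_address(ip)
    # A referral or stale record may describe a different block; never report to it.
    if not low <= addr <= high:
        raise ValueError(f"{ip} is outside {low}-{high}")
    emails = [e for key, vals in fields.items() if "AbuseEmail" in key for e in vals]
    return (str(low), str(high)), emails
```

With a live record, `abuse_contact("8.6.19.68", query_whois("8.6.19.68"))` runs the same check against whatever ARIN returns today.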

Update to 2011: A year later, Ning is still pwnd. Franklin Veaux again:

…[T]hey get pwn3d, like the has-been startup founded by Marc Andreessen of Netscape fame called “Ning.” Ning was supposed to revolutionize social networking. After burning through all its capital with virtually nothing left to show for it, Andreessen bailed, and it is now little more than a shell for Russian virus downloaders, as I’ve mentioned before. The virus droppers I talked about a year and two months ago? Most of them are still active. Lights are on, but nobody’s home.

I’ve felt for a long time, and yammered to anyone who would listen, that building your website on a “free” platform provided by somebody else is a terrible error. The incentives are all wrong, and your trust will, inevitably, be betrayed. What’s semi-new to me, though, is Veaux’s insight that these platforms — especially the newest, hippest ones with the fewest hard-eyed security professionals on the payroll — are, as they become the unwitting and/or hapless hosts to web parasites, likely to founder under the parasitic burden, becoming the web equivalent of a caterpillar full of wasp larvae. And that provides another reason not to use them, also: because once they turn into what Google calls “bad neighborhoods”, your content there will tend to be penalized in search results because of its virtual proximity to the virus downloads and penis pill spam.