Spam Indirection
I think this may be a mildly new twist on email and referral spam: using referral spam to advertise a message that’s stored in an unused public newsgroup, thus avoiding spam filters.
This morning I checked the stats on this website, where there was a referring link from:
http://health.groups.yahoo.com/group/weight-loss-group/message/2
“Now,” I wondered aloud, “why would a health group be linking to me?”
So I followed the link to see what the association was, and LO, it came unto me like a shining beacon:
I need to buy weight loss pharmaceuticals!
The indirection is as follows:
- Create a web based newsgroup
- Leave your advertising message on the group
- Request a couple of web pages from many thousands of websites.
- Sell drugs to desperate victims who see and believe the message*
- Profit
* The key to this working is that many websites include a list of the latest referrers, so the site’s users will potentially click these referrers and see the message. It’s a bit desperate, but if you can get the link in front of a million eyeballs and only 0.0001% click and buy, then that’s 100 customers, or perhaps more appropriately, 100 victims who hand over their credit card details.
The real killer blow, the thing that makes this technique work, is that most referral spam blocking algorithms block the whole domain which the spam advertises. In this case the domain is yahoo.com. I could potentially block health.groups.yahoo.com, but my software won’t do that by default; I’d need to tweak it. This technique is just the spammers exploiting the tiniest of loopholes to get their advertising across in the time before the hole is plugged.
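The granularity problem described above, as an added example (not the blocking software mentioned in the post): a whole-domain block on yahoo.com hides every referrer from that domain, while a host-plus-path rule hides only the abused group. The log lines, the two non-spam referrers, the timestamps and all function names are constructed for illustration, and `naive_domain` is a simplification.

```python
import re
from urllib.parse import urlsplit

# Constructed access-log lines (combined format). Only the first referrer and
# its client IP come from the post; the other lines are made up for contrast.
LOG = [
    '80.77.84.108 - - [01/Jan/2000:08:00:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"http://health.groups.yahoo.com/group/weight-loss-group/message/2" "-"',
    '192.0.2.10 - - [01/Jan/2000:08:05:00 +0000] "GET /a HTTP/1.1" 200 900 '
    '"http://groups.yahoo.com/group/example-readers/message/77" "-"',
    '192.0.2.11 - - [01/Jan/2000:08:09:00 +0000] "GET / HTTP/1.1" 200 512 '
    '"http://search.yahoo.com/search?p=referral+spam" "-"',
]
REFERRER_RE = re.compile(r'"[^"]*" \d{3} \S+ "([^"]*)"')

def naive_domain(host):
    """Last two labels only; real code should consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def domain_block(referrer, blocked_domains):
    """Whole-domain blocking, the default behaviour the post describes."""
    host = (urlsplit(referrer).hostname or "").lower()
    return naive_domain(host) in blocked_domains

def scoped_block(referrer, rules):
    """Block only an exact host plus path prefix, e.g. one abused group."""
    parts = urlsplit(referrer)
    host = (parts.hostname or "").lower()
    return any(host == h and parts.path.startswith(p) for h, p in rules)

def visible_referrers(lines, is_blocked):
    """Referrers that would still appear in a public 'latest referrers' list."""
    shown = []
    for line in lines:
        m = REFERRER_RE.search(line)
        if m and m.group(1) not in ("", "-") and not is_blocked(m.group(1)):
            shown.append(m.group(1))
    return shown

# Hypothetical rule scoped to the group seen in the post's referrer.
RULES = [("health.groups.yahoo.com", "/group/weight-loss-group/")]

if __name__ == "__main__":
    # Blocking yahoo.com hides every referrer, legitimate ones included.
    print(visible_referrers(LOG, lambda r: domain_block(r, {"yahoo.com"})))
    # The scoped rule hides only the spam group's messages.
    print(visible_referrers(LOG, lambda r: scoped_block(r, RULES)))
```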
Blacklisted
Incidentally, the incoming connections are from two IP addresses, 80.77.84.108 and 80.77.86.209 – the second of which is already blacklisted by Mat Sullivan’s realtime blacklist SORBS.