Friendster XSS spam

Over the past couple of weeks, I have been getting some random messages from friends on Friendster (this is probably the first time in over a year). The first three or four, I didn’t think anything of it, but finally a good friend sent me a message, so I logged on and found this:

Friendster XSS hack message

Which is obviously some sort of spam, possibly from a XSS hack. This reminds me of the first effective email worm I ever experienced, where someone I thought highly of (a professor at MIT) sent me a link about photos of Anna Kournikova, and of course I clicked… never again.

Until now. It goes to show how important the sender is in propagating a worm; a really intelligent spammer would take this into account, use the email/social network address book to determine who the likely influenced people are, and message these people first.

Flickr spam email

I received a strange email this morning, addressed to my blogdex email address which has nothing to do with Flickr, but exceptionally high SpamRank:

From: Dee ([email protected])
To: [email protected]
Subject: question about your photo

I’ve accidently found your photo at a flickr and i’m very
interested in it.

Can you tell me what place i can see in the background of
it?

wbr, Danny

Where “your photo” is a link to http://www.fri91.net/flickr,html. At the outset this appears to be a Flickr phishing scam; while on the train without a connection I was convinced I’d find a Flickr login screen when I followed the link to “my photo.” And you know that when your service is getting phishing scams, you have arrived.

The truth is much stranger. Go ahead, click the link. It’s not going to hurt you. In a sort of janky way, Barry has copied some of Flickr’s code and design along with some of his own “edits.” The page is hosted on a Norwegian soccer club’s website. The links on the page lead to tjhallett1’s Flickr data. The email domain is a fish food company. This piece of spam is a stumper.

The full email is here.

Update: Andy explained to me that this is, indeed, a scam. DO NOT visit the link in IE, it is some sort of Activex control hack. More details here and a virus definition describes the functionality on AusCERT.

It appears that this email is using the credibility of a site like Flickr and its community to get people’s attention and clicks. It’s no different than preying on people with the possibility of Anna Kournikova pictures.

Google news, meet spam

I’ve been a long-time user of Google news and news alerts. For certain topics, it’s the only way for me to stay informed, and the quality of their index has generally kept these updates to high-quality, on-topic news that matched some keywords. Over the past six months I have noticed a diminishing returns on the value of their search, especially in the case of alerts. While the amount of information has increased, the average quality has been diminishing. This decrease in relevance can be attributed to certain publications in their corpus:

Small publications: as more college newspapers, trade publications, and otherwise non-authoritative sources become primarily web-distributed, they have also started to overwhelm the news index. It’s rare these days to come across a story from a mass media publication.

PR announcements: some readers may remember a few months back when a 15-year old boy wrote a press release about how Google had hired him, and the entire affair turned out to be a hoax. Press releases seem to be a media that is not well policed, probably because they mainly come from

Blogs: The boundary between mass media and blogs has certainly blurred over the past few years, but the selection criteria for news indexes does not seem to follow any rules. Presumably the site maintainers take submissions to the site and decide based on internal editorial guidelines what to let in. Some of the blogs I have seen do not seem to make the cut, but maybe their inclusion of blog search into the interface suggests they are working on a better solution.

Syndication sites: a few news sources indexed by Google are actually sites that aggregate news from other sources. Try a search for any of your favorite spam keywords, such as “viagra,” you will find some surprising results. Spam?! It seemed absurd to me that spam could get into the news index, where every source was hand evaluated, but lo and behold, there are more than a few pages trying to sell viagra:

Google News vs. Viagra

What each of these examples points to is the need for a ranking mechanism that takes into account the reputation of the source. At last count, the US version of news is indexing over 10k sources, and as this bar gets lower, our collective trust in this site becomes more and more important. Unlike web search, which can be indexed and updated over the course of months, the news index has to be extremely fresh; for this reason, algorithms like PageRank cannot function properly. Attention indicators like del.icio.us, Digg or Newsvine might help, but each of these sources comes with an inherent bias that might not reflect the audience of Google News.

It seems much more likely that the sources of news will become the harbingers of trust. I am not advocating a return to old media, but the index could be built to reflect the current opinion of the web at large. If most sites trust the New York Times or the Washington Post as an authoritative host, so could a news search index. Andy Baio did an experiment around host ranking using Metafilter as a source, and the results from 1999 to 2006 are quite interesting: many sites appear out of nowhere (Youtube, Wikipedia) while others maintain rank over the years (New York Times, BBC). My guess is that standard news results run through this filter would provide a substantially better experience, especially for ranking results within a given news cluster. I guess we’ll see what the big G ends up doing to rectify the situation.