Via Muthu. This is mind boggling to me.
Sparasites on the web now somehow find it worth their while to invade ultra-specialized academic conferences. Call them splORGers. (In close analogy to sploggers).
The website focs2008.org appears to be the official home of the 49th Annual IEEE Symposium on Foundations of Computer Science. (In fact, it’s the top result for the search “focs 2008” in Bing, Google, and Yahoo!.) Historically a few hundred people attend to hear talks like “A Hypercontractive Inequality for Matrix-Valued Functions with Applications to Quantum Computing and LDCs”.
The website appears fully functional: you can browse the entire website structure including internal links like the list of accepted papers and external links like the online registration form.
But look more closely at the lower left corner of the front page. What do you see? SPAM KEYWORDS!: “Data Recovery Dell Memory HP Memory PC RAM wow accounts WoW gold”.
WTF??!!
It turns out that focs2008.org is NOT the official FOCS 2008 conference home page. Rather, it’s http://www.cs.cmu.edu/~FOCS2008/. (Yahoo! ranks this site in second place, Bing and Google in seventh.)
This doesn’t seem like a zero-cost no-brainer automated attack. It involves identifying the appropriate domain name and mirroring another website, not as one-click as it sounds. There’s even a small sign of manual effort: the fox graphic in the upper left links to focs2007.org rather than 2008, as in the original. And of course there’s the cost to register and host the domain.
So why bother? Clearly, the perpetrator is not expecting real people to click on the spam links. At it’s peak, about as many people searched for “focs 2008” as for “pennock” and the offending links are fairly obscure. This is most certainly about siphoning link juice from seemingly legitimate .orgs that search engines trust.
But can that benefit really outweigh the cost? Again and again I simply fail to grok the economics of spam.
SplORGers have also set up camp at focs2007.org and ioi2008.org. Curiously, focs2009.org has a more transparent yet still head-scratching disclaimer.
Today, I stumbled onto a similar spamfiltration on mortgagepoints.com, the first external link on the Wikipedia definition of mortgage points, prompting me to finally write this post. Look what our ultra open web has wrought!
I think the economics of spam are pretty straightforward. I used the example of “four walling” in a previous post here. The physical act of posting bills in a town is roughly equivalent to the electronic act of posting spam. The billing crew would receive instructions to ignore any Post No Bills signs and to simply post the bills on any building that had four walls. The crew chief didn’t care how many people he offended, his job was to get those bills posted.
Its the same thing with spam only there is an added wrinkly of being forward-looking. Whether you are actually trying to sell Viagra at an academic conference site or not doesn’t matter too much. If you do ship one order of Viagra as a result of your spam, that one order still represents a profit. If you do not actually ship any Viagra as a result of the spam site well it doesn’t matter, you’ve still milked some link juice and are basking your links in clover so that as various artifical intelligence programs are designed to detect spam links, your particular links are not only dripping with link-juice but are also perfumed with an aura of respectability so that anti-spam programs will have a tougher time trying to purify the link juice.
Thanks FoolsGold. But this particular attack doesn’t seem to be easily automate-able to reach the scale that spammers need, unless I underestimate what they’re capable of (which seems to happen all the time).
I just can’t see how the cost outweighs the benefit. But apparently it does or it wouldn’t persist.
Well, I’m not too certain that I grok the economics of spam or even grok the economics of more legitimate commerce. I would think this is indeed an attempt to siphon some link juice but its also an attempt to bathe a site in some impenetrable cloud of legitimacy so that google’s algorithms may be eventually deceived.
There is no cost to spam: there are sufficient maliciously inclined techies to direct a campaign on the cheap and there are sufficient numbers of drones capable of carrying out instructions. The “cost” of spam is equivalent to the cost of bathrooms in that Italian factory that was built decades ago. The factory owner failed to build any bathrooms in the new factory because his worker’s needs were simply not on his mind. Its the same way with spam… the spammers do not even think of what it might cost them. Todays money is so good that they can be perfectly happy trying to keep their sites cloaked with link juice no matter what the cost.
I wonder if anyone has done studies on just how much things like spam and pornogaphy have created technological development. Without spam there would be no Captcha. This is not to say that I welcome or approve of spam in any fashion. Its simply that if we are to consider economics then the question of cost-benefit ratio arises and the financial benefits to pornographers and spammers are very high.
via Daniel Reeves:
another impressive(ly devious) scammer
I think this makes an interesting research problem. How to protect the small players from the army of spammers or identity hackers. I find the problem with the ranking algorithm which Google uses because it does not give weightage to the content on the webpage. It only gives importance on the number of links, and links from a higher ranked webpage are given more weight.
So in fact if someone can edit higher ranked pages on wikipedia and create a link to their fake website than these problems will occur.
I never click on random adds on various websites, but when I visited the FOCS website (the fake one) I actually did visit the links, although more out of curiosity.
If they would have outsourced the creation of fake websites and paid like $2 (I am serious) for that, they would have definitely made more money from the various adds. Infact their business model looks quite profitable 🙂
Further on cost/benefit ratio: I think the spammers are forward looking and want to cloak their sites with high quality links so as forestall any later developed programs that might classify the spammer’s sites as spam.
High quality link juice may be part of a future defense arsenal for the spammer.
FoolsGold wrote:
> studies on just how much things like spam and pornogaphy have created
> technological development. Without spam there would be no Captcha.
I agree pornography has sparked great technological development, but I’m not as convinced about spam. Captcha itself is not a good thing: it ultimately wastes the most precious resource: people’s time.
My own beloved conference EC 2011 (run by ACM SIGecom, the organization I chair) has been plagiarized by a splorger: http://www.ourglocal.com/url/?url=http%3A%2F%2Fwww.sigecom.org%2Fec11%2F
Google ranks that bogus site 3rd for the query “EC 2011”. Bing 7th. Yahoo! not at all — Hooray! Yahoo! is the only search engine that ranks the official website #1. Great, but also strange: I thought Bing==Yahoo!?
As far as I can tell, ourglocal is a splorger extraordinaire and represents the worst of the open web who have found a way to game Google.