fighting splog

SPLOG = SPAM + BLOG

Wednesday, March 01, 2006

AdSense Spammer #7 (Big Fish)

This is a spammer I've been keeping my eye on for a while. This is one of the big fish I've been analyzing and collecting data. Actually he is a smaller spammer of the two but nevertheless a major spammer. He created at least 21742 spam blogs during the last weeks or so. Most definitely he created lot more but I think 21 thousand splogs are enough for me to qualify this spammer as a big fish. He also fits in the category of AdSense spammer even though splogs he creates doesn't have AdSense ads on them but because he has links pointing websites and relies on AdSense as the only source of revenue. Another words, if the answer to the question, "Would he stop creating splogs if his AdSense account was taken away?" is yes then he is an AdSense spammer. He has at least 121 .com domain websites which has his AdSense ads on them with an id pub-6982863234175175. Here are the first ten target domains as a sample:

faronutritional.com
faterunes.com
favahorse.com
feckrhapsody.com
fedsframe.com
feedbreath.com
feltscrapbooking.com
feusstatue.com
ficepurses.com
fidsbilling.com

pub-6982863234175175_domain.txt - 121 splog target domain list

There is a interesting twist in his spam target websites. When you take a look at the source of faronutritional.com website, you don't see the usual AdSense code in the html. Instead AdSense code is in a separate JavaScript file http://www.faronutritional.com/source.js.


inc_top_js =
'<script type="text/javascript"><!--\ngoogle_ad_client = '
+ '"pub-6982863234175175";\ngoogle_alter'
+ 'nate_ad_url = "";\ngoogl'
+ 'e_ad_width = 336;\ngoogle_'
+ 'ad_height = 280;\ngoogle_ad_format = "336x280_as";\ngoog'
+ 'le_ad_type = "text";\ngoogle_ad_channel ="0232739613";\ngoogle_col'
+ 'or_border = "FFFFFF";\ngoogle_color_bg = "FFFFFF";\ngoog'
+ 'le_color_link = "0000ff";\ngoogle_color_url = "000000";\n'
+ '\ngoogle_color_text = "000000";\n//--></script>\n<script '
+ 'type="text/javascript"\n src="http://pagead2.googlesynd'
+ 'ication.com/pagead/show_ads.js">\n</script>';

// end_var_declaration
document.write(inc_top_js);


I noticed that this spammers used a common tactics to mask the AdSense JavaScript code by chopping it up into pieces. The obvious reason for this is to prevent from being parsed easily and to hide detection. This in itself is a violation of AdSense policy and to me it's an admission of guilt by this spammer.

pub-6982863234175175_1000.txt - First 1000 splogs out of 21742 splogs he created. I will be posting the full list once his AdSense account goes poof.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)