Imperva, a cybersecurity group, recently released research describing a new comment spam campaign that exploits the FIFA World Cup hype. The comments include a link that redirects users to suspicious websites, most of them betting sites and other services related to the World Cup.

Source: Imperva

The campaign runs on a botnet that pushes senseless messages into the comment sections of WordPress websites. The messages are generated from a template that produces several versions of the same message, so that no two comments look or sound exactly the same.

Using spambots to push spam comments onto websites is an extremely old technique, but this campaign shows how effective it still is. The spambot literally sprays comments on the same URI throughout the web, even on resources that don’t have a comment section in place.

The botnet also uses URL shorteners and URL redirections to hide the actual destination of its links. The botnet comprises 1200 unique IPs, which is not a significant number by any means.

Before the World Cup, the botnet was being used to carry out remote code execution attacks, but once the tournament began, its focus shifted to the spam comment campaign, affecting a number of WordPress websites.

“We found that the botnet advertised over 1000 unique URLs, most of them appear multiple times. In many cases, the botnet used different techniques such as URL redirection and URL-shortening services to mask the true destination of the advertised link,” reported researchers at Imperva.

The research also suggests that the botnet might be for hire: website operators pay botnet owners to advertise their links across other sites.

WordPress sites have often been a target of such attacks, mainly because WordPress is the most popular CMS around. As a site owner, the burden lies on you to protect your website against these attacks.

One possible solution to this problem is installing a WordPress anti-spam plugin. Imperva itself uses these three anti-spam tools:

  • Identification of SPAMming IPs
  • Classification of SPAM tools and botnets
  • Detection of URLs advertised in comment SPAM
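
A minimal sketch of the third item, detecting URLs advertised in comment spam, added here as an illustration and not Imperva's tooling. It groups comment submissions by the link they carry, so templated variants of one message posted from many IPs to many paths collapse into a single finding; the shortener list, the `min_ips` threshold and the sample records are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed, non-exhaustive set of URL-shortening hosts (not from the article).
SHORTENERS = {"bit.ly", "tinyurl.com", "goo.gl"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def extract_urls(text):
    """Return normalised 'host/path' keys for every URL in a comment body."""
    urls = set()
    for raw in URL_RE.findall(text):
        parts = urlsplit(raw.rstrip(".,;:!?)"))
        host = (parts.hostname or "").lower()
        if host:
            urls.add(host + parts.path.rstrip("/"))
    return urls


def find_campaign_urls(comments, min_ips=3):
    """Report URLs advertised from >= min_ips IPs; comments are (ip, path, body)."""
    ips, bodies, targets = defaultdict(set), defaultdict(set), defaultdict(set)
    for ip, path, body in comments:
        for url in extract_urls(body):
            ips[url].add(ip)
            bodies[url].add(body)
            targets[url].add(path)
    report = {}
    for url, sources in ips.items():
        if len(sources) >= min_ips:
            report[url] = {
                "ips": len(sources),
                "text_variants": len(bodies[url]),  # template output differs per post
                "targets": len(targets[url]),       # same link sprayed on many paths
                "shortener": url.split("/", 1)[0] in SHORTENERS,
            }
    return report

# Constructed sample submissions (documentation IP ranges, placeholder links).
SAMPLE = [
    ("192.0.2.10", "/blog/post-1", "Great read! Best odds here http://bit.ly/wc-example"),
    ("192.0.2.44", "/about", "Nice article, top odds at http://bit.ly/wc-example."),
    ("198.51.100.7", "/contact", "Awesome post. Finest odds: HTTP://BIT.LY/wc-example"),
    ("203.0.113.5", "/blog/post-1", "Thanks, see my notes at https://example.org/notes"),
]

if __name__ == "__main__":
    print(find_campaign_urls(SAMPLE))
```

Because the key is the advertised link and not the comment text, rewording the message through a template does not split the cluster; resolving shortened links to their final destination would need a separate, network-side step that this sketch leaves out.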