Last weekend we reported how scammers were sending DMCA notices to downrank game piracy sites.
Presumably, this was done to give their malware-infested pirate sites a better ranking in search results.
While our previous article focused on the abuse of takedown notices, the problem is much broader. In addition to removing content, scammers are also spamming many sites with messages that link people to their dubious pirate sites.
We spoke to a source who has followed this activity for quite a while and actively reported spam he found on medium.com, change.org, wattpad.com, github.com, bitly.com, deviantart.com, zendesk.com, soundcloud.com, ghost.org, hashnode.com, and elsewhere.
Most of these sites were very cooperative and cleaned up the mess soon after they were alerted.
“The list is really long, but what was great is that all these services immediately responded to my reports. Some of them implemented spam filters and medium.com even sent a t-shirt to thank me,” says our source, who prefers to remain anonymous.
With any type of spam, it’s impossible to eliminate the problem completely. However, our source says that some platforms are more receptive to reports than others. At Facebook and Google, this didn’t go so easily.
For months, scammers have used Facebook events to promote their malware or trojan links out in the open, through numerous accounts. In some cases, these events have been online for months, such as with this Fix Problem account.
This account lists many hundreds of events, which presumably link to pirated software, games, and other content. There are no events of course, but these listings help to increase SEO and give the associated sites a boost in traffic as well.
The problem is rather persistent. Our source says that he reported the issue in detail to Facebook, but that there’s been little improvement. Many of the reported events are still online today, and new ones keep appearing too.
A targeted search for “Just Cause” Facebook events created over the past week, shows dozens of results.
Targeted Google search
Initially, the Facebook posts linked directly to the sites where the malware-content could be downloaded, but more recently they switched to Google groups. Perhaps because these links are harder to detect automatically.
People who follow these links don’t get a copy of free software, games, or movies. Instead, they’re downloading malware-infested files, although the landing page suggests otherwise.
A Just Cause landing page
Facebook events appears to be one of the favorite spamming tools, but Google groups are also frequently used. This issue was brought to Google’s attention weeks ago, in a rather detailed post in the webmaster help forum.
For weeks, many of the reported groups remained online and some still are at the time of writing. New ones are still appearing too, as shown below.
More recently, Google has flagged several postings but instead of removing them entirely, Google added a warning message.
TorrentFreak followed a few of the links that were provided in these spam posts and these indeed point to suspicious malware files, or worse. While this type of spamming activity is not new, Google, Facebook and others may want to take a closer look at how this can be dealt with properly.
Our source has made it somewhat of a personal crusade to go after the scammers. As he runs a pirate site of his own, he a has stake in the matter. Previousy his own links were taken down from Google and, as reported last week, he believes that this was a targeted action by the scammers.
A very detailed accounting of evidence and other information, shared with us, suggests that’s indeed the case, at least in some instances. It could of course be that there are more rogue actors.
In the background, this takedown issue has added fuel to a rivalry between ‘real’ pirate sites. Accusations were made back and forth, which resulted in one site shutting down and much more drama on top.
It’s impossible to verify any of the claims or accusations and there may be more things going on at once. What we can say, however, is that our source directly linked the takedown efforts to the type of scamming activity on Google, Facebook, and other sites.