Above is a shot of one of many spam blog comments I’ve received lately with multiple links to pages on Google Groups.
Spammers have always targeted Google products, and services such as Blogger have always been a favorite destination for spammers. Google Groups isn’t as well known as a spam platform, but after some investigation I found that it has become a leading destination for those seeking Google search results for various offers.
There is varying forms of spam across Google’s platform. Most spam sites usually serve as gateways to various affiliate programs (particularly porn and meds), and although they’re not welcome by most, they’re fairly harmless in the scale of things. The links above however are in a different category.
Following one of the links above takes you to a page like this one (link tagged nofollow). The title (in this case) on the Google Groups page says “Free rachel starr trailer in PORNO!!!,” then presents what looks like a YouTube embed complete with the spinning loading wheel. Directly below that is “click here to see the movie.” Clicking there takes you to a page that is mocked up to look like Porntube, but isn’t. No links here because the content is most definitely NSFW. Clicking on one of the videos shown immediately creates an ActiveX error, and suggests that you should download a plugin to fix it. Suffice to say the plugin is an .exe file, so it’s targeted at Windows users, but its safe to say that what ever it is, it wouldn’t be wise to install it.
The problem of spam on Google Groups isn’t new, I found articles going back two years discussing spam pages on Google Groups, so the question then becomes: if this has been going on for years, why hasn’t Google acted? Surely if Google can track down and punish users of services such as PayPerPost or those running text link ads it could find spammers using its own services to direct users to download malware? or is it that it’s easier to target others than look after your own backyard?