Majority of Comment Spam Generated by Small Number of Attackers: Imperva

Comment spam has been used by attackers for a wide range of purposes, and according to a new report from Imperva, 80% of the traffic associated with such activity is generated by just 28% of attack sources.

According to Imperva’s June Hacker Intelligence Initiative report, which analyzed more than 60 Web applications over a two week period in September 2013, 58% of comment spammers are active for long periods of time, with the majority of “spammy content” generated by just 17% of the entities involved in such activities.

Comment spam has become increasingly problematic for organizations and is being for everything from search engine optimization to malware distribution and click fraud.

For comment spam operations to be successful, attackers need to publish content on a large scale, essentially forcing them to use automated tools to facilitate the process. They use tools to harvest the URLs of relevant websites based on certain keywords, to generate comments, to post comments, and to verify whether or not a comment has been published.

Sophisticated tools are also designed to help attackers overcome the challenges associated with each activity ─ for example, some websites require user authentication, CAPTCHA forms or user details when posting comments.

As far as the targeted organizations are concerned, many have come up with various ways of mitigating comment spam. The list of techniques includes content inspection, source reputation analysis, demotivation (i.e., making comment spam useless), anti-automation, and manual inspection. 

Identifying comment spammers early on and blocking their requests is one of the most efficient methods. Attackers can be blocked early on in their campaigns with the aid of IP reputation systems, Imperva noted in its report. However, experts have observed cases in which the attackers have used services like the Google App Engine, which allows users to run Web apps on Google’s infrastructure, to bypass reputation controls based on IP addresses.

“Comment spam attacks can cripple a website, impacting uptime and compromising the user experience,” explained Amicahi Shulman, CTO of Imperva.

“In our latest Hacker Intelligence Initiative Report, our Application Defense Center research team reveals that a relatively small number of attack sources create the majority of comment spam, oftentimes leveraging automated tools to reach a maximum number of targets. Quickly identifying the source of an attack and blocking comments from the source can greatly limit the attack’s effectiveness and minimize its impact on your website.”

The complete June Hacker Intelligence Initiative report is available on Imperva’s website.