3 January 2008 17:32 GMT
Amazon review spam on the rise?
Christmas and New Year’s holidays are among those rare occasions when luckier among us in Sophoslabs can afford to conduct a bit of non work-related research. The research may, for example, comprise of looking for a new LCD screen television set we did not buy last year (or was it the year before?). The laziest research technique includes reading countless reviews on more and less trustworthy web sites with a frequent visits to Amazon.com for descriptions of the most popular products.
But even when I tried to avoid work, while reading a review of one of the popular LCD television sets I managed to stumble upon something blog worthy. The first review of a popular TV set read:
Amazon is usually careful not to allow reviews containing unsolicited commercial messages, but it seems like people in charge of blocking spam reviews decided to take a longer Christmas break. I read somewhere that every Amazon review is reviewed and approved by a human reviewer before being published (a common practice used also in Sophoslabs for every detection we publish) so I thought maybe, just maybe, this is not spam. I have decided to follow the advice in review and have a look around the site. The domain referenced in the review in an obfuscated way (typical for spam) is only a wrapper for content fetched from another domain (another potentially spammy characteristic).
The site’s content promises free gifts for a number of referrals to certain sites, the only thing required is several new email addresses of users that will buy trial product versions offered by the “sponsors”. The more expensive gift we want, the more people we have to refer to the site. These crazy internet giveaway schemes seem to have started a few years ago with the domain freeipods.com, a pyramid referral scheme owned by company Gratis internet. Googling for Gratis internet reveals that the company was sued by the State of New York over the largest breach of internet privacy at the time. The company allegedly sold details of more than a million users to other commercial companies. Since I value my privacy and privacy of my friends, I think I will stick with buying the product for its regular price from Amazon, or search for some good deals during the winter sale. I have reported the review to Amazon and classified the domain as spam in our Web appliance.
My story has a sequel. When i visited the same product page there was another review, most probably posted by the same person.
Another free dot.tk domain now hosts instructions for obtaining another set of “free products”. It is quite tempting for an unsuspecting visitor to follow the advice seen on a trusted site such as Amazon. However, it is important to keep in mind that any sites which allow third party input such as reviews and comments are potentially vulnerable to spam attacks. Despite claims from some people on the internet that free giveaway schemes work, it is a good practice to adhere to the old rule - “When something looks too good to be true then it is not true”. Failure to adhere to the rule may make your free gadget a lot, lot more expensive. All spam domains investigated in this blog entry are reported to Amazon and blocked by Sophos.
Vanja Svajcer, SophosLabs, UK
