Security professionals warned curious Web surfers on Friday to stay away from a blog that claimed a "famous spammer" had been murdered in his luxury apartment near Moscow.
While the story appeared to be believable -- fooling a number of bloggers, including meta-news site Slashdot -- security experts quickly pointed out that the domain hosting the blog was registered on Thursday, had no other content, and no "Alexey Tolstokozhev" appeared anywhere on the most reliable list of large spammers.
"In order to send millions and millions of unsolicited letters, Tolstokozhev employed a network of infected computers -- so-called 'botnet' -- which he rented from hackers," the posting claimed. "How profitable is spam? Well, the authorities say that Tolstokozhev has likely made more than $2 million in 2007 alone -- in comparison: average Russian monthly salary is $400."
While the site is not currently serving up malicious software, the hosting provider is ESTDomains, which has a bad reputation for hosting abusive sites, Alex Eckelberry said in his own blog post.
"I wouldn't encourage visits to this hoax site," Eckelberry said. "There's no malware on it, and you're not going to get infected. But given where this thing is hosted (and the fact that it is tracking visits), why bother?"
A number of Web sites have hosted malicious code. Even legitimate sites have been hacked to include snippets of code to redirect visitors to other malicious sites, many of which are hosted in China. Igor Muttik, a researcher at security firm McAfee, agreed with Eckelberry, adding that "it could be an attempt to create a highly referenced URL and later it might get populated with exploits and malware."
In 2005, a Russian spammer, Vardan Kushnir, was found dead. The case has been cloaked in secrecy, but authorities did arrest four people for what many believe was a botched robbery. Others have claimed that Kushnir's adventurous nightlife, and not necessarily his spamming, had made him enemies.
Editor's Note: Due to the possible malicious nature of the hoax site, SecurityFocus has decided not to link to the domain. If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos