Blog Spam Reinvented: Bombing Blog Admins One Link at a Time

Crash course on referral spam


If you have ever had the slightest intention of building and maintaining a weblog, then you probably know that two of the most important assets of an online presence are content and backlinks. While you can control the amount of content you push into your blog, there is no guarantee that you will ever receive a backlink from any website on the Internet.

Add to that the fact that backlinks actually have a great say in how a website ranks in SERPs and you’ll understand why they are pure gold for any webmaster that would like to do more with their blogs than to occupy a couple hundred megabytes on a web server.

That is why blog admins usually keep an eye on backlinks and visit them regularly to see if they are still pointing to their blog. However, just like blog post comments and trackbacks, these backlinks can actually be used to generate traffic and advertising revenue for the spammer on behalf of unwary webmasters.

This technique has been around for a couple of years, but few bloggers actually know how it works. The idea is simple. An automated bot is instructed to “surf” a list of blogs. Its activity will be logged as “regular traffic” by any statistics script you may have installed, but, since the bot forges the request to look as if it had followed a link from a website, the forged referrer will also be logged, just as in the image below:

[Image: referral spam as it appears in a blog statistics log]

Forged referrer leading to advertisements – an easy way to monetize backlinks

If you happen to have a plugin that displays who came from where on the website, that’s even better for the spammer: not only does he get more users to visit his link, but he also gets inbound links from every blog the bot has visited. Such a plugin is a bad idea in its own right, because you may end up publishing links to malicious content or shady websites on your own pages.

The specific referrer spam campaign depicted above includes a link to a URL shortening service that displays ads before redirecting the user to the original link. Every time a user clicks on the link, the spammer earns a variable sum of money as affiliate revenue. Now multiply that variable sum by about 0.2 percent of a blog’s traffic (the average click-through rate for a link campaign), and then scale the campaign to the thousands of blogs a bot can visit per day. It’s just like placing your ads with a major advertiser, but instead of paying for the advertisements, you actually cash in on them.
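The mechanism described above (a bot that forges the Referer header so the visit is logged as a link follow) and the risk of plugins that republish logged referrers can both be handled on the defender's side from the web server log. The following is an added example, not code from the article or from Bitdefender: it parses Apache/nginx "combined" log lines, builds a per-referrer report, and flags external referrers whose visitors never came back for the page's own CSS or images, which a real browser following a link would do but a referrer-spam bot requesting bare HTML pages typically does not. The log lines, the host names and the `own_host` parameter are constructed for the example; the heuristic is one reasonable signal, not a definitive verdict.

```python
import re
from html import escape
from urllib.parse import urlsplit

# Apache/nginx "combined" log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log: three bot hits carrying the same forged referrer
# (a URL shortener), followed by one genuine visitor who arrived from a real
# link and then loaded the page's stylesheet and logo with our own page as referrer.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2013:10:00:01 +0000] "GET /post-1/ HTTP/1.1" 200 5120 "http://shortener.example/abc123" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2013:10:00:02 +0000] "GET /post-2/ HTTP/1.1" 200 4800 "http://shortener.example/abc123" "Mozilla/5.0"
203.0.113.8 - - [10/Oct/2013:10:00:03 +0000] "GET /post-3/ HTTP/1.1" 200 4700 "http://shortener.example/abc123" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2013:10:01:00 +0000] "GET /post-1/ HTTP/1.1" 200 5120 "http://friendly-blog.example/links/" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2013:10:01:05 +0000] "GET /style.css HTTP/1.1" 200 900 "http://blog.example/post-1/" "Mozilla/5.0"
198.51.100.4 - - [10/Oct/2013:10:01:06 +0000] "GET /logo.png HTTP/1.1" 200 2048 "http://blog.example/post-1/" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    parts = entry["req"].split()
    entry["path"] = parts[1] if len(parts) >= 2 else ""
    return entry


def referrer_report(log_text, own_host):
    """Aggregate external referrers: hit count, distinct client IPs, distinct pages,
    and how many of those clients later fetched something with our own site as referrer."""
    entries = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    # Clients that loaded a sub-resource (CSS, image, ...) with one of our own
    # pages as referrer: that is what a browser does after rendering a page.
    self_ips = {e["ip"] for e in entries
                if urlsplit(e["referer"]).hostname == own_host}
    report = {}
    for e in entries:
        ref = e["referer"]
        if not ref or ref == "-" or urlsplit(ref).hostname == own_host:
            continue  # direct hit or internal navigation, not a backlink
        r = report.setdefault(ref, {"hits": 0, "ips": set(), "pages": set()})
        r["hits"] += 1
        r["ips"].add(e["ip"])
        r["pages"].add(e["path"])
    for r in report.values():
        r["followups"] = len(r["ips"] & self_ips)
    return report


def flag_suspicious(report, min_hits=2):
    """Referrers seen at least min_hits times whose clients never loaded our sub-resources."""
    return sorted(ref for ref, r in report.items()
                  if r["hits"] >= min_hits and r["followups"] == 0)


def render_referrer(ref):
    """How a 'who came from where' widget should show a referrer: HTML-escaped text,
    never a clickable link, so a forged referrer cannot become a backlink or an XSS vector."""
    return escape(ref, quote=True)


if __name__ == "__main__":
    rep = referrer_report(SAMPLE_LOG, "blog.example")
    for ref in flag_suspicious(rep):
        r = rep[ref]
        print(f"suspicious: {render_referrer(ref)} hits={r['hits']} "
              f"ips={len(r['ips'])} pages={len(r['pages'])}")
```

On real logs, raise `min_hits` to suit your traffic volume and combine the sub-resource signal with others the article implies, such as the same referrer URL appearing across many unrelated pages in a short window; a legitimate backlink normally points at one post, while a bot sprays the same forged referrer over everything it requests.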

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beaten with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.