A Peek Inside the Managed Blackhat SEO Ecosystem

Ever wondered how are thousands of bogus accounts across multiple Web services, automatically generated with built-in monetization channels consisting of scareware, malware to the use of legitimate affiliate links from major ad networks?

Through several clicks or if complete automation and experience count, through outsourcing the process to a managed blackhat SEO provider that wouldn’t charge you for the product, but for the service offered. Let’s take a peek at some of the currently available DIY tools, and what a managed blackhat SEO service provider has to offer.

Take for instance the “professional blackhat SEO” expert featured here. His ongoing Twitter spam campaigns are in fact so successfully hijacking trending topics that at first they looked like your typical scareware serving campaign. What both sides have in common are spamming techniques used.

However, the tactics vary and indicate an interesting shift from the typical outsourcing of CAPTCHA recognition for the purpose of storing the blackhat SEO content on the legitimate provider’s services. In order to scale more efficiently, several currently active managed blackhat SEO providers that have vertically integrated to the point where they manage their own blackhat SEO friendly ISP.

By doing so, their bogus account generating platforms are capable of achieving speeds that would be otherwise either impossible or impractical to set as objectives through outsourced CAPTCHA-recognition – 2,931 bogus WordPress accounts with template based blackhat SEO content generated in 1 second using their own managed infrastructure. The following screenshots provide an inside peek into one of the products offered by the “professional blackhat SEO expert” :

What took place in one second, was the generation of thousands of bogus accounts with descriptive blackhat SEO subdomains, with the bogus content pulled/scrapped from legitimate and real-time news providers, with the entire operation run as a managed service, or the tool itself offered for sale. As in every other managed underground service, customization plays a major role that is often the key benchmark for judging a particular product next to another. Customization in respect to this particular tool comes under the form of numerous WordPress templates that can be randomly used during the registration process:

Static customization is one thing, dynamic customization is entirely another. The product, and consequently the managed service are offering the ability to automatically add Ebay and Amazon listings with the user’s unique affiliate code posted within the bogus content:

The practice of affiliate network fraud — excluding the cybersquatting as a prerequisite for it success — was recently mentioned as a much more lucrative fraudulent practice than the pay-per-click model, which entirely depends on the fraudster’s knowledge of which is the monetization model with the highest pay-out rates:

Some companies offer legitimate affiliate programs that allow third-party Web site owners to post links and banners with the company’s branded content on their site or to send traffic to the company’s site directly through domain forwards. In return, the owner of the site hosting the link receives a commission for every click-through that results in a purchase. This lucrative commission structure has enticed cybercriminals to take advantage of affiliate programs by registering typo domains that redirect to legitimate content and enable them to collect affiliate fees.

Next to the malware/scareware serving Twitter campaigns, affiliate network fraud is also very common at the ever-growing micro-blogging service, whose lack of common sense account registration practices — Twitter doesn’t require a valid email, neither does it require an email confirmation upon registrating an account — makes the practice of generating bogus accounts a child’s play.

The bottom line – is the managed blackhat SEO hosting service ($500 per month and $5000 for one year for unlimited domains/subdomains/traffic/disk space package) the future, or are we going to continue seeing the systematic abuse of legitimate service’s infrastructure through outsourced CAPTCHA recognition? I’d go for the second due to a simple reason – it’s more cost-effective than the managed service at least for the time being. In the long term, once it achieves its logical “malicious economies of scale” the hosting and process would become cheaper thereby attracting more customers.

Recommended reading –
Outsourced CAPTCHA recognition:
Community-driven Revenue Sharing Scheme for CAPTCHA Breaking
The Unbreakable CAPTCHA
Spammers attacking Microsoft’s CAPTCHA — again
Spam coming from free email providers increasing
Gmail, Yahoo and Hotmail’s CAPTCHA broken by spammers
Microsoft’s CAPTCHA successfully broken
Vladuz’s Ebay CAPTCHA Populator
Spammers and Phishers Breaking CAPTCHAs
DIY CAPTCHA Breaking Service
Which CAPTCHA Do You Want to Decode Today?

Managed Cybercrime-facilitating services/tools:
Commercial Twitter spamming tool hits the market
Zeus Crimeware as a Service Going Mainstream
Managed Fast-Flux Provider
Managed Fast Flux Provider – Part Two
76Service – Cybercrime as a Service Going Mainstream
Inside (Yet Another) Managed Spam Service
Inside a DIY Image Spam Generating Traffic Management Kit
Quality Assurance in a Managed Spamming Service
Managed Spamming Appliances – The Future of Spam
Dissecting a Managed Spamming Service
Inside a Managed Spam Service
Spamming vendor launches managed spamming service

Cybersquatting/Per Pay Click Fraud:
Exposing a Fraudulent Google AdWords Scheme
Botnets committing click fraud observed
Click Fraud, Botnets and Parked Domains – All Inclusive
Cybersquatting Security Vendors for Fraudulent Purposes
Cybersquatting Symantec’s Norton AntiVirus
The State of Typosquatting – 2007

This post has been reproduced from Dancho Danchev’s blog.

Author: Dancho Danchev

Leave a Reply

Your email address will not be published. Required fields are marked *