Subscribe to blog updates via email »
Trojan Horse Spambot
Until this week, rdgusa.com, which I am the webmaster of, had been getting alot of annoying spambot traffic from one spambot in particular (for background on our method of determining what a spambot is, read up on the mod_rewrite method). Finally I got fed up with this spambot visiting the site every day, looked up the IP address and contacted the tech contact, simply telling them I was getting spambot behavior from this particular IP address. Later that day, I got an e-mail from the “offending” customer, who was oblivious as to what was going on. Oddly, the “offending” customer was the Catholic Diocese of a capital city (RDG is a leader in Catholic Church Architecture, so this was a potential client). I checked the log files, and noticed that the offending IP address had visited once, with human-like behavior, then a few days later started coming as a robot, accessing, but disobeying the robots.txt file at which point I started blocking it. I was fairly certain that this Catholic Diocese wasn’t running a spambot, so I concluded that there must have been some sort of Trojan Horse that had taken over one of their computers, going through it’s internet history and harvesting e-mail addresses from all of the sites in it. I informed the tech contact of this organization, and sure enough, he found a Trojan Horse on one of his user’s computers. I was unaware that spammers used this method, and I thought the world should know about it.
