RSSMicrosoft Seeks to Stop Search Spam
By Nate Mook | Published July 13, 2006, 5:28 PM
Microsoft Research has embarked on a new project to automatically seek out search engine spam before it can be used to defraud advertisers on MSN, Yahoo and Google. Called Strider Search Defender, the tool combines two other projects from MSR: Strider Honey Monkey and URL Tracer.
The effort is being headed up by researcher Yi-Min Wang and focuses on a major problem now plaguing the Web: blog spam. The basic premise of Strider Search Defender is that spammers utilize what Yi-Min calls "doorway pages" -- sites at reputable hosts and blog services. The doorway pages pull ads from a "target page" operated by the spammer.
Instead of reading the actual content of a page to see if it could be classified as spam, Microsoft is taking a context-based approach that analyzes URL redirection. Because many Web sites will use redirection to serve up different pages to search engines and humans, this methodology could prove more effective.
In addition, Yi-Min notes that large-scale spammers create hundreds or thousands of doorway pages the either redirect to or retrieve ads from a single domain. By finding these target pages that are connected to a large number of doorways, an entire spam operation can be stopped in a single pass.
In order to accomplish this goal, Strider Search Defender starts by using the Spam Hunter to feed a list of known spam URLs to search engines in order to find forums, blogs and other pages where more such spam links are located. It then compiles those links into a single potential spam URL list.
Next, that list is fed into Strider URL Tracer to find which domains are associated with a high volume of doorway pages. False positives are reduced by checking the URLs against a whitelist of legitimate ad and Web analytics providers that were compiled through the Strider Honey Monkey project.
According to Yi-Min, the more a spammer spreads a URL, the easier it is for Spam Hunter to find. And once a forum for spam is identified, it essentially becomes a "Honey Forum" to obtain other spam URLs. If a spammer has a large number of doorway pages, the higher priority they become for manual investigation.
"Yi-Min has been working closely with the MSN Search team to share the results of his spam Web page research," a Microsoft representative told BetaNews. "The Search team has been actively pursuing his leads, and if they are indeed spam pages, they will be either removed from the search index or assigned a low relevance ranking."
To the idiot that gave my post a negative one score....
Could they waste their time and money on anything more retarded?
I think not.
Microsoft is getting so freaking dumb these last 6 months it's silly.
Score: 0
Banned in....
3....2....1...
Don't piss off the mods.
Score: 0
There are mod here?
lol
Score: 0
I wouldn't call them mods. They don't mod anything.
Score: 0
Umm... yeah...
The only people who can give you a negative score are the people who run this site. You might want to refrain from calling them idiots if you plan to keep using your account.
Just a thought.
Score: 0
Yeah. Ok.
You might not want to provoke that spite, but I guess it's too late now...
Score: 0
Thanks anyway.
They have a history of giving negative scores for stuff they don't agree with. There was nothing at all wrong with my comment.
If they gave it a negative because I was using vulgar language or posting false information I would understand.
They shouldn't give a negative score because they don't agree with something.
Score: 0
I presume it was given a negative score for your tone and obvious ignorance.
Score: 0
I presume you presume incorrectly. Your post is fairly ignorant itself. :)
Score: 0
Actually, I do know about things like honeypots, honeynets, honeymonkeys, and honeytokens. I doubt you do. I'm also a network administrator who knows a lot about security and has 12+ years of Internet experience. What are your credentials?
It'll be interesting to see what the outcome is with their research.
Score: 0
LOL.
Well I have 10 years of experience and I am an MCSE, and also Linux+ certified.
I am a network analyst and I am in charge of configuring all the Cisco routers/switches along with servers and everything network related for a large corporation. We have 6 locations 3000 employees and about 117 servers.
Only 4 guys do what I do there.
I'm real proud of you and your honeythings. I'm really impressed. :)
Score: 0
It's so funny when people put their credentials in a comment here, as if we're supposed to believe them.
Even if you're telling the truth, there's no way you can prove it to anyone.
Score: 0
Don't need to. Only one I need to satisfy is myself.
He asked, I answered. If he, you, whomever else doesn't believe I really couldn't care less.
Enjoy your evening. ;)
Score: 0
And here I was thinking when I posted that I might encounter someone who actually knew something. Sure enough. You probably have horror stories of your own about users. http://rinkworks.com/stupid/
You should read up on honeytokens. Real easy to do and very useful. http://www.securityfocus.com/infocus/1713
What kinds of servers? Are you going to use Longhorn Server? Do you do pentesting? Use Auditor? What is your take on IPv6?
Score: 0
To Spyderloco
Talk about idiots. Have you read your own posts? Grow up pal!
Score: 0
Nice project! I hope this will stop spam! And for all spamers in the world I can say: "EIKIT NX JOBANI BLET PRIDURKAI!! NX SURASIU IR SUPYZDINSIU JUS VISUS IR VEMSIT PER SIKNAS ASILAI BLET, KURVOS SUPISTOS NX, KRAUJU TUOJ SYKSIT. ATVARYS 7 GOLFAI IR PYZDA PLET JUMS".
In english this means "I will find you and kill you all". So beware!!!
Score: 0
That's a lot of text for a simple English phrase.
Score: 0
Good luck getting rid of doorway pages.. I make a living off them - no way you can get rid of them. Block the server? Just use another free host. Block an IP? Use a proxy.. If they did it via text there would be too many normal sites taken out in the aftermath. Good luck :)
Score: 0
Hasn't Google been doing something like this all along?
Score: 0
...
Microsoft announces these new projects ...then,
after a few months, nobody hears anymore about
it.
For once Microsoft ought to announce a project
~after~ it's completed and ready.
...
The Computer Rodent
...
Score: 0
Uhh... what? You can't finish this project. Search engine spammers will keep on finding new ways to do what they do, and the researchers will have to keep on finding ways to filter them out.
A lot of Microsoft announced projects (not products) are from MS Research. They don't necessarily have a completion criteria.
Score: 0
Hi PC Rat,
I've known about strider honey monkeys for about a year now listen to security now and you'll learn more about it. MS sucks in a lot of ways, but they're awesome in others. For example Virtual PC was just given away.
Cheers,
Christian
Score: 0
Yeah. Good marketing, that.
/sarcasm.
Score: 0
Could they waste their time and money on anything more retarded?
I think not.
Microsoft is getting so freaking dumb these last 6 months it's silly.
Score: -1