Spam takes on many different forms. Sure, we're all familiar with the crap that makes it in to our inbox, but what about the other stuff - like the stuff that appears as comments in our blog entries?
Blog comment spam is on the rise, particularly when it's used less as a direct advertising tool and more for Search Engine Optimization (SEO) attacks/manipulation. In most cases I've observed, the SEO-orientated blog spam has been initiated by the bad guys - looking to escalate their infectious drive-by Web sites to the top of search engine results.
Lately though, I've noticed that a well-known security vendor - Sophos - has been employing this tactic. For example, check out the following blog comment submissions (pending moderation):
For the last few weeks there have been similarly themed comment submissions, typically initiated by the same accounts and targeting the same blog entries (based upon keywords).
This tactic is common, and there are a number of tools designed to automated this kind of spam and SEO attack.
What's interesting (and annoying at the same time) is that this repeated spam appears to be initiated by Sophos. As you'll see in the three comments above, the word "malware" is hyperlinked and in all cases points back to http://www.sophos.com/products/malware-protection/
I find this a pretty unsavory tactic, especially if it's initiated by a security company looking to be trusted by its customers.
Sophos - if you're listening - stop your comment spam campaign and end your SEO attacks. It's unprofessional.