Spambot Targets WordPress with Spray and Pray
July 13, 2018 / Kacy Zurkus
Researchers at Imperva published their discovery of a new comment spam campaign that is leveraging the popularity of the World Cup to trick people into clicking on links that take them to shady betting sites. The campaign, which mainly targets WordPress sites, is launched by a botnet and implemented in the form of comment spam. Despite its being one of the oldest tricks in the hacker’s book, comment spam is still pretty popular. The comments appear to be little more than meaningless, generic text generated from a template and posted in the comment sections of blogs and news articles. When researchers sifted through the comments, they discovered a pattern: The linked sites offered betting services on 2018 FIFA World Cup matches.