Monday, March 21, 2011

Weirdest Google Spam I've seen


I was just using Google to troubleshoot a Windows problem and noticed a very weird thing.

First I discovered a forum thread on exactly the problem I've been having. Woohoo, right? Then the next search result was someone on another forum having the same problem again. But no new info. In fact, it seemed to be similar information to that in the first thread. Very similar.

By the third repetitive thread, I started wondering so I went back and compared them all. It was the same thread, give or take a post, even with the same usernames for the posters. It wasn't just that someone had posted the same question in multiple troubleshooting forums. The posts were replicated in their entirety on all these different sites. One site even reconstructed the thread in the form of blog post comments. And these sites were every result on the first page of Google! (Ok, minus one conventional spam result.)

If you're anything like me you've got a whole number of different questions in your head right now.

First, how did they accomplish this? Did they actually copy and paste the posts into a page structured just like a real forum but actually fabricated? Some of them I swear are real forums I've seen around, like vistaheads.com and vistax64.com. But then again, am I just thinking of similar-looking sites like windows7forums.com? I guess the spammers could've copied their exact look to elicit this reaction of "Ok great, I think I recognize this forum.."

So then if they did copy fake threads then, uh, why? It's not the normal search engine spam where the page is full of keywords, links, and phrases that make it seem kind of like a real, thought-out webpage but on second look could all be auto-generated (I guess? They're so good these days!). In fact, most of these sites don't even have ads, which would at least explain the business model. Of course, that's with NoScript blocking all JavaScript so maybe there's actually a few ads.

Oh no, speaking of NoScript there's a possible explanation. If you wanted to build a shady site that distributed malware (via JavaScript and browser exploits) but needed visitors, why not copy/paste a tech support forum thread? People always arrive at those via Google search terms, clicking willy-nilly whether or not they know the site. Well I guess the damage is done, having already opened the pages. Hopefully they're not using any exploits that NoScript won't block.

In that case, though I'm listing the links for my reference and yours, I won't hyperlink them (even with a nofollow):


WARNING: POSSIBLE MALWARE/SPAM/SHADY SITES.
You are advised not to visit these. I regret doing it myself. I have reconstructed the thread after the jump so you don't even have to visit out of curiosity.

In order of appearance in the Google search results for "LocalSystemNetworkRestricted startup":

http://www.vistaheads.com/forums/microsoft-public-windows-vista-file-management/292696-local-system-network-restricted.html
http://www.vistax64.com/vista-file-management/185188-local-system-network-restricted.html
http://www.winvistatips.com/re-local-system-network-restricted-t165633.html
http://www.ms-news.net/f3839/local-system-network-restricted-8215470.html
http://www.svchost-errors.com/82/svchostexe-localsystemnetworkrestricted-actions-to-eliminate-error/*
    *This one is actually a conventional spam site (without the forum thread)
http://us.generation-nt.com/answer/local-system-network-restricted-help-31087692.html
http://www.pcreview.co.uk/forums/re-local-system-network-restricted-t3895632.html
http://www.oamate.com/local-system-network-restricted.html
http://www.realgeek.com/forums/local-system-network-restricted-381483.html
http://www.tech-archive.net/Archive/Vista/microsoft.public.windows.vista.file_management/2009-01/msg00170.html


The mysterious forum thread after the jump:
Edit: Haha, just realized the irony that I'm actually copy/pasting this thread yet again.

Subject: Local System Network Restricted
Date: 10-06-2008
User: Don

I am running Vista Home Premium, 64 bit version. My computer has been very
slow for about 5-6 minutes after startup with constant disk access. I have
used the Reliability and Performance option under Administrative tools and
find that after about 2-3 minutes after startup, the only thing appearing is
numerous SVC|HOST calls with the (Local System Network Restricted) very
active. I am at a loss to debug any further. It is beyond my meager
capabilities. Can someone give me a clue as to what may be going on?


Subject: Re: Local System Network Restricted
Date: 01-22-2009
User: schobe

Don;853542 Wrote:
> I am running Vista Home Premium, 64 bit version. My computer has been
> very
> slow for about 5-6 minutes after startup with constant disk access. I
> have
> used the Reliability and Performance option under Administrative tools
> and
> find that after about 2-3 minutes after startup, the only thing
> appearing is
> numerous SVC|HOST calls with the (Local System Network Restricted) very
> active. I am at a loss to debug any further. It is beyond my meager
> capabilities. Can someone give me a clue as to what may be going on?

I have had the same problem repeatedly and have seen no responses
elsewhere on the internet. I am also looking for this answer. My system
profiles are in my profile. I have to use a memory scrubber to force
Vista to release the same SVC/HOST function. If anyone knows why this is
repeatedly happening, any ideas would be appreciated. Thanks, and God
Bless!


--
schobe


Subject: Re: Local System Network Restricted
Date: 02-05-2009
User: Frozen

I have the same problem. I thought it was a game I just installed
"Frontlines: Fuel of war" so i uninstalled the game and I still the same
problem. Svchost is running at about 50% cpu and slowing everything down. I
have the same "localsystemnetworkrestricted" problem. I will have to check
my vista computer at work because i have noticed the cpu is running high as
well. I'll bet I have the same problem at work.

"schobe" wrote:

>
> Don;853542 Wrote:
> > I am running Vista Home Premium, 64 bit version. My computer has been
> > very
> > slow for about 5-6 minutes after startup with constant disk access. I
> > have
> > used the Reliability and Performance option under Administrative tools
> > and
> > find that after about 2-3 minutes after startup, the only thing
> > appearing is
> > numerous SVC|HOST calls with the (Local System Network Restricted) very
> > active. I am at a loss to debug any further. It is beyond my meager
> > capabilities. Can someone give me a clue as to what may be going on?
>
> I have had the same problem repeatedly and have seen no responses
> elsewhere on the internet. I am also looking for this answer. My system
> profiles are in my profile. I have to use a memory scrubber to force
> Vista to release the same SVC/HOST function. If anyone knows why this is
> repeatedly happening, any ideas would be appreciated. Thanks, and God
> Bless!
>
>
> --
> schobe
>


Subject: Re: Local System Network Restricted
Date: 09-27-2009
User: asjapulk

I have the same proble. svhost (local system network restricted) is
making large amounts of IO (usually reads some WoW data files). I have
disabled defragment and ReadyBoost. It also happens while the PC is in
use. I hate that I don't know whats going on under Windows. Most
processes are svhosts..not much help.


--
asjapulk


Subject: Re: Local System Network Restricted
Date: 09-27-2009
User: (anonymous)

IF you right click svchost in Task Manager you can choose Go to Service. It
will highlite the contained services on the Service tab.

--
..
--
"asjapulk" wrote in message
news:3abf5e6f0b1b904cf2f8f923cce536fd@nntp-gateway.com...
>
> I have the same proble. svhost (local system network restricted) is
> making large amounts of IO (usually reads some WoW data files). I have
> disabled defragment and ReadyBoost. It also happens while the PC is in
> use. I hate that I don't know whats going on under Windows. Most
> processes are svhosts..not much help.
>
>
> --
> asjapulk

No comments:

Post a Comment

Due to spam, comments will have to wait for manual moderation :/