Blog Spammers Posting Porn, Spyware Links to .Gov Sites

Q Boyer
CYBERSPACE — In a development that underscores one of the downsides to the greater interactivity of the so-called Web 2.0 environment, forums on governmental and educational websites are being exploited by blog spammers to spread spyware and generate traffic to adult sites, as documented by a noted tech blogger.

Brian Krebs, who blogs for the Washington Post on computer security issues, noted on his blog this week that pages on official websites for state governments and several elementary school districts have been targeted by spammers.

One such example is Labswe.org, the website for the Louisiana State Board of Social Work Examiners. A search for "porn" executed on Louisiana.gov, the official website for the state government of the state, yielded numerous links to pages on Labswe.org.

The pages on Labswe.org in turn were linked to gateway pages packed with adult site links and explicit thumbnails. In addition to gallery pages and traffic trade links, advertising for several major adult affiliate programs appears on many of these gateway pages.

Some of the pages linked from Labswe.org linked to pages that were identified by Norton Antivirus as containing spyware, and most of the pages either executed code that disabled the browser’s back button or popped exit consoles that defeated Internet Explorer’s popup blocker.

Among the sites and domains that were linked to from the governmental pages were Gorunger.com, OffPorn.com, multiple subdomains of FirstLink.ru and AfterHoursZone.com.

Adult industry attorney J.D. Obenberger told XBIZ that while the postings that led to spyware downloads most likely violated laws against computer trespassing and other cybercrime offenses, spamming the forums with links to adult sites does not constitute a crime, as far as he is aware.

Obenberger noted that while there is a federal law concerning misleading domain names that could cause children to unknowingly and unwillingly view sexually explicit materials, none of the domains in question here would qualify, and since the situation does not involve email, no CAN-SPAM liability would apply.

“If the government sets up a forum that’s open to the public, I don’t see why it is — or should be — illegal to use that forum for any legal purpose,” Obenberger said.

Obenberger said that if the content on the websites linked to in the forum posts were legally obscene, the forum spammers could be held liable under federal obscenity laws. Under federal law, Obenberger observed, if you “aid, abet or facilitate a crime, then you are considered just as guilty” as the perpetrator of the crime.

In between the time that XBIZ first conducted the searches on Louisiana.gov referenced above and the writing of this article — approximately 90 minutes — the pages on Labswe.org had been removed, and a search for "porn" on the state government’s site no longer returns links to the pages on Labswe.org. Links to the continuing education forum on Labswe.org also have been disabled.