Difference between revisions of "Joe-job"

From WOT Wiki
m (small improvements)
Line 1: Line 1:
  
A joe-job is a message that <em>looks</em> like spam, which is send to damage the reputation of a web-site, by making it look like the message was sent by the victim, who is the <strong>target</strong> of the spam, not the <strong>sender</strong>. See: http://en.wikipedia.org/wiki/Joe-job
+
A joe-job is a message that <em>looks</em> like spam, which is sent to damage the reputation of a web-site by making it look like the message was sent by the victim, who is the <strong>target</strong> of the spam, not the <strong>sender</strong>. See: http://en.wikipedia.org/wiki/Joe-job
  
It is not always easy to see if a spam-campaign is a joe-job, because sometimes one illegal domain will use a joe-job against another illegal domain.  
+
It is not always easy to tell if a spam campaign is a joe-job, because sometimes one illegal domain will use a joe-job against another illegal domain.  
So we cannot just decide by the nature of the domain, if the spam that has its name in it, is a joe-job or not.
+
So we cannot just decide by the nature of a spammed domain whether or not it is a joe-job.
 
+
Have a look at the WHOIS information of the domain and at its reputation.  
Have a look at the WHOIS-information of the domain and at its reputation.  
 
 
Check the reputation with a tool like http://www.urlvoid.com .  
 
Check the reputation with a tool like http://www.urlvoid.com .  
 
If a domain has existed for several years, and has not been blacklisted, than it is <em>not</em> likely that it suddenly will start spamming.
 
If a domain has existed for several years, and has not been blacklisted, than it is <em>not</em> likely that it suddenly will start spamming.
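Review bot: the unchanged context sentence that closes this hunk still reads "than it is not likely that it suddenly will start spamming". Since this revision is a copy-edit pass, change "than" to "then" and move the adverb ("it will suddenly start spamming") in the same edit. The reworded opening sentence also keeps "web-site", and the urlvoid.com line keeps a stray space before its closing period.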
Line 15: Line 14:
 
Sometimes this will even be a message as unlikely as “we will send more spam”.
 
Sometimes this will even be a message as unlikely as “we will send more spam”.
  
Most recent joe-jobs targeted domains in Eastern Europe, and those domains are in a local language. Such domains depend on local customers and sometimes from customers in nearby countries who share the language. When such a domain is world-wide spamvertized, it is clear that that is a joe-job. A forum on politics in Ukrainian language has nothing to gain from sending world-wide spam to people who can not even read the domain. Therefore, if you receive spam in an unfamiliar, language for a domain that also uses unfamiliar language, you can be sure that it is a joe-job.   
+
Most recent joe-jobs targeted domains in Eastern Europe, and those domains are in a local language. Such domains depend on local customers and sometimes on customers in nearby countries who share the language. When such a domain is world-wide spamvertized, it is clear that that is a joe-job. A forum on politics in Ukrainian language has nothing to gain from sending world-wide spam to people who can not even read the domain. Therefore, if you receive spam in an unfamiliar language for a domain that also uses unfamiliar language, you can be sure that it is a joe-job.   
  
 
Joe-jobs are business. Criminal spammers who already have the control over large botnets, offer reputation damage on demand.
 
Joe-jobs are business. Criminal spammers who already have the control over large botnets, offer reputation damage on demand.
  
It is important to realize, that the purpose of joe-jobs is, to make as many anti-spammers as possible, submit bad comments and ratings at SiteAdvisor and WoT, and report the spam to services like SpamCop and to Registrars.  
+
It is important to realize that the purpose of joe-jobs is to make as many anti-spammers as possible submit bad comments and ratings at SiteAdvisor and WoT, and report the spam to services like SpamCop and to Registrars.  
 
This means that the spammers <strong>use</strong> anti-spammers to do the job they get paid for: damaging or even closing the targeted domain.
 
This means that the spammers <strong>use</strong> anti-spammers to do the job they get paid for: damaging or even closing the targeted domain.
 
When reporting joe-jobs to SpamCop, only submit the full headers + from the body only the part <em>above</em> any link to websites, and add the text "<truncated>".
 
When reporting joe-jobs to SpamCop, only submit the full headers + from the body only the part <em>above</em> any link to websites, and add the text "<truncated>".
 
By reporting it in that way, SpamCop will investigate and notify the source of the message (usually an infected system, which is part of a botnet), but nothing is reported on the innocent victim of the joe-job.
 
By reporting it in that way, SpamCop will investigate and notify the source of the message (usually an infected system, which is part of a botnet), but nothing is reported on the innocent victim of the joe-job.
  
Finally, when joe-jobs do not have the desired effect as quickly as the joe-job spammer (or the client they work for) wants, the available botnets sometimes are used for a DDOS attack to cause that the domains cannot be accessed, or have to pay for an expensive service that offers protection against a DDOS-attack.
+
Finally, when joe-jobs do not have the desired effect as quickly as the joe-job spammer (or the client they work for) wants, the available botnets sometimes are used for a DDOS attack so that the domains cannot be accessed, or have to pay for an expensive service that offers protection against a DDOS attack.
  
 
As always you should comment and rate a domain according to your own experience.  
 
As always you should comment and rate a domain according to your own experience.  
 
No matter how much you may dislike a certain kind of domain, only comment/rate it for good reasons. The fact that a joe-job has made you aware of the existence of a domain is <em>not</em> a good reason for rating it or commenting on it. Do <strong>not</strong> let yourself be used by spammers!
 
No matter how much you may dislike a certain kind of domain, only comment/rate it for good reasons. The fact that a joe-job has made you aware of the existence of a domain is <em>not</em> a good reason for rating it or commenting on it. Do <strong>not</strong> let yourself be used by spammers!
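Review bot: the reworded Eastern Europe paragraph still ends with "you can be sure that it is a joe-job", which sits awkwardly next to the earlier "It is not always easy to tell if a spam campaign is a joe-job"; consider presenting the language mismatch as a strong indicator rather than a certainty. The SpamCop instruction left as context ("only submit the full headers + from the body only the part above any link to websites") is the one procedural step on the page and is hard to parse, so it deserves a rewrite along the lines of "submit the full headers and only the part of the body above any link". In the new DDOS sentence, "or have to pay" takes "the domains" as its subject; "or their owners have to pay" would read correctly.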

Revision as of 19:21, 17 January 2013

A joe-job is a message that looks like spam and is sent to damage the reputation of a website by making it appear that the victim sent it. The victim is the target of the spam, not the sender. See: http://en.wikipedia.org/wiki/Joe-job

It is not always easy to tell whether a spam campaign is a joe-job, because sometimes one illegal domain will use a joe-job against another illegal domain. So we cannot decide from the nature of a spammed domain alone whether or not it is a joe-job. Have a look at the WHOIS information of the domain and at its reputation. Check the reputation with a tool like http://www.urlvoid.com. If a domain has existed for several years and has not been blacklisted, then it is not likely that it will suddenly start spamming.

The style of the spam message will be different from average spam. Real spam will often use redirects and other tricks to make reporting more difficult. Joe-jobs will display the name of the domain prominently, to make reporting as easy as possible. Joe-jobs will also often contain provocative text to irritate anti-spammers. That text can be vulgar words or ridiculous offers like heroin or Tomahawk rockets. Sometimes it will even be a message as unlikely as “we will send more spam”.

Most recent joe-jobs targeted domains in Eastern Europe, and those domains are in a local language. Such domains depend on local customers and sometimes on customers in nearby countries who share the language. When such a domain is spamvertized worldwide, it is clear that it is a joe-job. A forum on politics in the Ukrainian language has nothing to gain from sending worldwide spam to people who cannot even read the domain. Therefore, if you receive spam in an unfamiliar language for a domain that also uses an unfamiliar language, you can be sure that it is a joe-job.

Joe-jobs are a business. Criminal spammers who already control large botnets offer reputation damage on demand.

It is important to realize that the purpose of joe-jobs is to make as many anti-spammers as possible submit bad comments and ratings at SiteAdvisor and WoT, and report the spam to services like SpamCop and to registrars. This means that the spammers use anti-spammers to do the job they get paid for: damaging or even closing the targeted domain. When reporting joe-jobs to SpamCop, submit only the full headers plus the part of the body above any link to websites, and add the text "<truncated>". When it is reported that way, SpamCop will investigate and notify the source of the message (usually an infected system that is part of a botnet), but nothing is reported about the innocent victim of the joe-job.
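The truncation step described above, written out in Python as an added example that is not part of the original wiki page. The link pattern, the optional `named_domain` argument (for a domain written in plain text without a scheme) and the sample message are assumptions constructed for illustration.

```python
import re

# Anything that points at a website: explicit URLs, bare "www." hosts, HTML href attributes.
LINK_RE = re.compile(r"(?:https?://|ftp://|\bwww\.)\S+|\bhref\s*=", re.IGNORECASE)
MARKER = "<truncated>"


def truncate_for_report(raw, named_domain=None):
    """Keep the full headers and only the body lines above the first link.

    named_domain is an optional, hypothetical extra: a domain the message
    names in plain text without a scheme, which LINK_RE alone would miss.
    """
    text = raw.replace("\r\n", "\n")
    # Headers end at the first empty line; they are passed through untouched.
    headers, sep, body = text.partition("\n\n")
    if not sep:
        return text  # headers only, nothing to cut
    needle = named_domain.lower() if named_domain else None
    kept = []
    for line in body.split("\n"):
        if LINK_RE.search(line) or (needle and needle in line.lower()):
            # Drop this line and everything below it, then add the marker.
            return headers + "\n\n" + "".join(l + "\n" for l in kept) + MARKER + "\n"
        kept.append(line)
    return text  # no link anywhere in the body: nothing is removed


# Constructed sample message (documentation addresses and domains only).
SAMPLE = (
    "Received: from unknown (HELO pc-17) (192.0.2.44)\r\n"
    "  by mx.example.net with SMTP; 17 Jan 2013 19:02:11 -0000\r\n"
    "From: \"Forum\" <admin@victim-forum.example>\r\n"
    "Subject: we will send more spam\r\n"
    "\r\n"
    "Hello,\r\n"
    "buy now at our shop\r\n"
    "Visit http://victim-forum.example/ today\r\n"
    "More text after the link\r\n"
)

if __name__ == "__main__":
    print(truncate_for_report(SAMPLE), end="")
```

The Received lines survive intact, which is what lets the report reach the operator of the sending system.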

Finally, when joe-jobs do not have the desired effect as quickly as the joe-job spammer (or the client they work for) wants, the available botnets are sometimes used for a DDoS attack, so that the domains cannot be accessed or their owners have to pay for an expensive service that offers protection against a DDoS attack.

As always, you should comment on and rate a domain according to your own experience. No matter how much you may dislike a certain kind of domain, only comment on or rate it for good reasons. The fact that a joe-job has made you aware of the existence of a domain is not a good reason for rating it or commenting on it. Do not let yourself be used by spammers!