Well this is an odd one. Looks like a human assisted spammer but I am not sure of the long term goals. Going to leave this for a bit to see what happens. I expect they will edit the post after it moves off the front page. I honestly cannot understand the economics of this model however.

For anyone curious about the pics (but don't want to click them) they simply look like tourists photographs of Egypt. There are even a couple on the site which might be considered on topic (A cargo plane with AA guns next to it) but I expect they are trying to drive traffic for Google Ads. Still makes very little economic sense given how little revenue that generates.

They could be steganography, and contain malicious code. JPGs are notorious for the ease with which that can be done. Run your antivirus program, Kato, and anyone else who looked.

Seconded.



There have also been cases where innocent-looking (or at least legal) "infected" JPGs have been used as a means to put kiddie porn on an unsuspecting person's computer, which is rather considerably worse than a visus ...

That might be a good point, Paul. I opened a file and I've been bounced with a trojan virus that has spread to others via my facebook account. There was also something strange on facebook about the same time so it could be coincidence but it's worth looking into.

Scratch that, the virus came from facebook, I've tracked it back.

Still, the post is strange.

Thanks for the warnings but the virus in a JPG is extremely over rated threat.



The IP, domain and email are also not flagged in any malware or spam database I can find. That is why this is such an odd post. Before I chose to leave it I did look at all angles I could think of.

Here's a possibility -- is he on our rolls Maybe he posted the pics to the wrong group by accident.

It is a new person. They only registered, confirmed and posted. The timing pattern looks like a human assist spammer as no unnecessary pages were hit.

As far as I can tell the IP address/Email/Username has never been user for spam or malware. The domain that the links go to must be new and very small as there are fewer than 200 pics on the site. The originating IP of the "spam" was Egypt but the webserver is in the US.

Everything about this is just odd. Spammers usually throw up a dozen flags. My usual rule for deleting them is to check 3 flags (Bad IP, Username and Email address) of the 130 or so spam bots that have registered, only 1 (other than this one) have not had at least 2 of the 3 (and 95% had all). This one has 0 that is what is so vexing. Spam of any type, even to malware sites, is only effective in volume. We are a tiny fish so I don't see why we would be the only site they chose.

Unless a former/current nemesis of mine has appeared (cue dramatic music) just to mess with me .

The more likely explanation is someone is doing a very small test to see how effective spam is, but even then I would expect a 100 sites to be hit not just us.

Edit. Ok I am now seeing others getting hit. I guess somehow we were the first in line. I will ban the user and delete this thread after 24 hours.

Final Diagnosis most likely a Google Ad revenue generator.

I have submitted the email and IP to my spam databases.

It's a communist plot to overthrow the forum!

(For you youngin's, when I was in my teens and twenties, everything was a communist plot...)

WRONG... its a Canadian plot to overthrow the forum and make everyone adore and worship snow!

Then its a plot doomed to fail. Where I am 99% of people have never seen snow.

Too late! I already adore and worship snow -- especially now that I live in San Antonio!

If visibility is an issue for worship, I think most religions are in trouble.

I may not delete this thread as at this point it appears mostly harmless.

its stilla communist plot, they are just much sneakier about it.