.... though technically not blog spam, one of the sites I look after had the following submitted to the guestbook (good thing I wrote a filter for it, huh?) a few minutes ago:
In case you're wondering, our dear spammer is apparently coming from pioneernet.net (apparently a US-based ISP - never heard of them myself).
You're probably wondering:
1. Why I am writing about this
2. Why I didn't have it block anything with A HREF or BBCode
Well, to answer #1, I thought it was funny, especially given this particular spam doesn't lead to a YouTube video, which I was actually expecting - but leads to a profile that links to pharmacy-elite.com (IP: 18.104.22.168), registered to Nexton Limited in the Ukraine, and hosted by MoskvaCom Ltd in Russia (AS2118), who also host canadianhealthcare.eu (IP: 22.214.171.124).
Our dear spammer, however, is also known for something a little worse than meds spam - rogue crapware. Looking at ProjectHoneyPot shows references to a fake WordPress blog (I say fake because I've got a few other sites listed that are hosted on the same IP block) at softwarestory.com. Looking at the source code shows a reference to a .JS file:
vURL Online - softwarestory.com/wp-admin/games/oufff.js
This returns some rather interesting code:
If we decode this, we see:
If we remove ' + query + ', we see it redirects us to:
To answer #2, I don't get anywhere near as many infected or spammy e-mails as I used to, so I've got to try and keep some of my fun.
Spambot Search Tool - 126.96.36.199 / firstname.lastname@example.org
hpHosts - onlinefurniture4u.info
hpHosts - stabilityinternettools.com