Web log abuse?

[Hugo van der Kooij <hvdkooij () vanderkooij org>]

Hi,

At the linux counter we noticed that the webserver logs get a large number 
of hits with a referrer setting to porn sites.

This seems to be the latest in the SPAM techniques. (See also: 
http://www.wired.com/news/culture/0,1284,56017,00.html)

Doing some digging myself it seem the request are made by genuine 
webbrowsers being lured into muddy watters somehow. IP adddresses that 
show up much do have a variaty of user-agent types and a telnet to port 
8080 seems to indicate it is just a proxy.

Does anyone know how the request are actually generated? Is it a backdoor 
installed via tools like kazaa? Or is it a matter of pop-up windows on 
these porn-sites? (So we just get hit by di...... ;-)

Any clues on what techniques are used and how they can be stopped are 
appreciated.

Hugo.

-- 
 All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com