Lame comment spam campaign attempts to promote iPhone app

“I blog often and truly appreciate your content”

Softbroke app spam

It's a lot of fun (and sometimes hard work) running your own blog. One of the "pleasures" is keeping an eye on the comments that visitors post each day

Thankfully I don't get to see most of the spammy messages, but every now and then I check my spam folder to see if any genuinely useful comments accidentally fell into the wrong bucket.

This morning I found a large pile of comments that had been identified as spam, all saying generically positively things about my blog. That's a typical tactic used by comment spam - hoping that you'll feel so flattered to have received a positive comment on your wibblings that you will approve its publication.

What caught my eye on this occasion, however, was that all of the messages had one thing in common - a link to a specific app on Apple's iTunes store.

Spam comments

Clearly they are spam. The messages are out of context of the content of the articles that they are commenting on, and all share the same characteristics (single name, they've given a seemingly random Gmail address, and - the clincher - they are all pointing to the same iPhone app for no apparent reason).

Comment spam like this isn't unusual, but for some reason my interest was piqued enough to dig a little deeper than I would normally bother.

Obviously I haven't allowed any of the spammy comments to be published, but if you were to visit that link - https://itunes.apple.com/us/app/sms-timer-schedule-any-sms-posting/id1084070665?mt=8 - you would find yourself on a page promoting an iPhone app called "SMS timer - schedule any sms posting".

Sms timer itunes

The SMS Timer sells for $1.99, and despite being released in February last year still hasn't garnered any reviews. My guess is that it's not proving that popular.

The app is developed by a firm called Softbroke who have produced dozens of other apps for both the iPhone and iPad, and some for Android too. These include Super Matteo (who definitely shouldn't be mixed up with a popular Italian plumber called Mario as he jumps through "100 action packed levels with boss fights, mysterious castles, trolls and wizards.")

Super Matteo

Super Matteo hasn't had stellar success on the App Store either. Unlike SMS Timer it's a free app, but hasn't managed to generate enough excitement (or disdain) to gather any reviews from the public.

Super matteo

A visit to Softbroke's website suggests that the company is based in Tallinn, the capital city of Estonia, and that it provides white labelling services for individuals who wish to run their own gambling website, or launch a smartphone game, but don't have the ability to do all the donkey work for themselves.

Softbroke website

Curiously, Softbroke says it offers search engine optimisation (SEO) services - although it gives no more details as to precisely what that entails.

Why would anyone want to post hundreds of comments on blogs pointing to an iPhone app? My guess is that whoever was behind the spam campaign believes that this would somehow boost the app's chances of appearing in search engines, and may drive traffic to the apps.

But that's never going to happen while their obvious spammy comments end up in the sin-bin.

Quite who would have an interest in promoting the app remains a mystery. I'll leave it to you to figure out who potential suspects might be.

Tags: , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , ,

3 Responses

  1. A.Simmons

    March 9, 2017 at 12:02 pm #

    You mean to say my Mum *doesn't* really think my website's loading speed is incredible, and that I'm doing a distinctive trick?

    #gutted!

  2. Michael Ponzani

    March 9, 2017 at 1:07 pm #

    Mr. Cluely:

    Speaking about spam: Late last night in the mail was a note saying I've been pwned (again). I did sign up for these notices. Apparently the River City Media spam list got hacked and about 393,304,309 email addresses, IP addresses, names, physical addresses have been stolen. This led to a website MacKeeper by Zeobit, resold by StackSocial. Where have I seen that before? I also was inadvertently involved in a lot of fabricated data being lifted from Zoosk. River city Media is one of those data miners/storage companies, most of which are up to no good. If you want I can forward you the letter.

    My regional bank sent some security tips which included shredding. I forgot to tell them to use a cross cut shredder. I did manage to let them know about burning the shredded docs in their fire place or BBQ grill. I said burn random portions as they fall out of the shredder or mix the shreds up and grab some here and there. Or else burn random bags of sensitive confeti. We're not allowed open burning here so we stuff our landfills instead.)

    Discover Card now allows spaces in the password. I've used that. I haven't remembered to use phony family names as you suggested. Mine will vaguely sound like swear words in certain portions. Duck Shoe does not vaguely sound like a swear word..Duck Soup does.
    I did answer a security question concerning my favorite activity: masturbation. I do wash my hands to avoid (G)uming up the keyboards.

    Endeavoring harder and harder to avoid identity theft,

    Yours,

    Sticky Fingers Mike.

  3. Ian B

    March 9, 2017 at 11:27 pm #

    I particularly like the one from someone who is still excited about owning an iPhone 3GS – a model that was first sold almost 8 years ago!

    If they are going to use a spam-bot you'd think they'd at least update the message templates from time to time!

Leave a Reply