Looks like Blarg's right about how to handle bogus search results, but he's left how to deal with spoofers polluting the mesh as an exercise for the reader. ;P

There was a thread I very almost linked to this one but without proof of the results I thought it best not to at this time. One person traced the ipod ads back thru several sections/links to a major telecommunictions company ... the largest one in that country. And so has it they were offering discount iPods (about 20-30% normal price) to those who joined one of their mobile phone plans (well it was either mobile phones or internet or cable or digital TV services. I found the latter out for myself b/c I was offered one. I just can't remember what it was they were selling off hand.

Perhaps that might be the reason (corrupted downld mesh) which certainly does or was known to in the past to have at least some issues. But I'd tend to disagree. How in all heck could it give auto-feedback with spam adds to the same websites & always the same sizes. It just looks to well setup & organised to have this effect for the benefit of those sites or their parent/ relative companies. Who has invested interests in www.clearoutclub.com or is it just a lolly pop to attract people to their business. Just a thought! lol :D :p

Some links to someone who knows what the spam is 1. Diallers (click on link), 2. Spam 2 ,
3. Spam 3 , 4. Spam 4 , 5. Spam 5 , 6. Spam 6 . All of these point to what these files are & why they should be either filtered out or ignored, but never opened!!! Some interesting discussions if you're interested! ;)

It would explain how they have access to send those search results from such a huge variety of IP addresses.

I personally think it's AOL though. :P

I guess one just have to avoid downloading files that are extraordinarily too small for the file they are looking for. Like say for example a 364 KB Smallville EP4.wmv. Also try checking the "Browse Host" button if its on or lit if you click the file from the selection of downloads. If it's not then you can suspect that it may be a spam. And perhaps if we ever downloaded these type of files we should delete it right away so it won't be downloaded by other unsuspecting victims.

Filtering These Results
 

So that you are all aware I've been working on a solution to this problem solution by for filtering out results for those hosts. I've tested in my lab and it's pretty effective. I will keep you posted

Too small works for the wmvs, but not the jpegs, as they are a typical size for legit jpegs. The spoofed results all have a name that's just your search term, perhaps with the capitalization changed and/or underscores inserted after every letter. It's easy to avoid them. Harder to avoid are spoofed files -- the search result is legit, but the file you end up with is bogus due to a spoofer participating in the mesh for the file. For example, you search for "foo" and go to get foo1.jpg, foo2.jpg, ..., foo15.jpg and all of them look normal except foo2.jpg and foo11.jpg, which are corrupt, or ipod spams, or those damaged-and-spammy sara18 or michelle18 images, or whatever. AFAIK the only thing you can do about those is delete them after the fact and retry downloading them until you get the genuine foo2.jpg and foo11.jpg that actually fit into the sequence with the others instead of the spoofed files.

I also recommend you make your shared and download directory separate and move files to the former only after previewing them. This avoids inadvertently sharing spam and damaged files, but moreover, it might keep your *** out of jail if you inadvertently download some mislabeled material that proves to be ... unacceptable. If you accidentally share something like that, you could end up in a bad situation trying to prove your innocence. To be sure you don't, don't share any file you haven't pre-screened for being acceptable. Preview media; virus scan executables. Anything unacceptable, secure-delete the file if you can, and definitely delete it.

I avoid downloading wmvs under 1 meg (or any wmvs for that matter, yuk) or jpegs that show dozens of sources, a T1 speed, and whose name contains all and only the words in my search query.

Despite this, I still occasionally get one of those ipod spams, as a jpeg that had not matched any of the warning criteria above -- it may well have shown only one modem source and been named with a query term missing and a word not in my query.

These can't be spoofed search results, but they are not legitimate either. So how can a legitimate search result not result in getting the intended file when downloading? Is it possible for a spammer to insert their garbage into a download without having generated the search result you used to start that download? How can they be stopped? I'm getting sick of this crap!

I get this too. It used to be easy to avoid that ipod crap -- don't download anything with a zillion T1 hosts whose name doesn't contain any words except only and exactly the ones in your search query. If it was from a cable host it was safe. If it had only 3 sources it was safe. If its name didn't contain a word from your search it was safe. If its name contained a word you never used in your search it was safe.

Not anymore. Now it seems the mesh is being polluted too -- every batch of files I get contains at least one ipod spam that looked like a legitimate, normal, non-spoofed result in the search I did.

How do I keep these F*#!ING THINGS OFF MY F&*!ING HARD DRIVE! It's MY COMPUTER! I DECIDE! I WANT THESE THINGS GONE! NEVER AGAIN! HOW DAMMIT?!

I could Bitzi lookup all the files in every single search, but that would TAKE FOREVER, not to mention Bitzi isn't very dependable -- I checked a bunch of known spams and maybe half of them had bad ratings on Bitzi and the rest were simply "unknown".

I NEED A BETTER SOLUTION. NOW GODDAMMIT!

Has anyone noticed that the spammer seems to be on at certain times of day? It's enough to make a guess that they live in the eastern time zone of north america.

In fact it's rather strange -- surely the spam operation is automated and could operate 24/7 with a minimum of supervision? Yet the spammer disappears shortly after midnight eastern time, which suggests otherwise. Only one type of computer system is that incapable of remaining up for any length of time unassisted by a human. The spammer is running Microsoft Windows ME without any service packs.

GAAAAHHH

Can anyone tell me how the hell this is being done?

Isn't it enough to send 40 or so bogus results for every search? Now the *******s have to start substituting their spew for normal images as well?

I just found an ipod spam in my download directory titled "Resident Evil Front Cover.jpg". I did not do a search for "resident evil front cover" or any permutation thereof. It can't possibly have been me accidentally clicking on on of those bogus results. So where the HELL did it come from? It seems the following has occurred...

1. Someone that isn't the spammer has a file titled Resident Evil Front Cover.jpg. Presumably, this file is legitimate, since they aren't the spammer and therefore wouldn't be sharing it if it weren't.
2. My search finds this file. (It was for generic cover art.)
3. I go to download the file.
4. Somehow something goes wrong at this stage, and it starts downloading from the spammer instead of from the guy with the real "Resident Evil Front Cover.jpg" file.

How does step 4 happen? How does the spammer hijack downloads for normal files and not just put in their own spoofed search hits for their not so normal files? And how the hell can this attack be stopped? Avoiding the bogus search results is easy. But if any ordinary jpeg or wmv whatever can get hijacked en route and substituted with the dreaded ipod, there is no escape is there???