Tag Archives: Microsoft

Microsoft Implements URL Keyword Stuffing Spam Filtering For Bing

Microsoft have announced they implemented a specific spam filtering mechanism for their Bing search engine a few months ago that targets a common spam technique known as URL keyword stuffing (KWS.)The announcement by Igor Rondel, Principal Development Manager, Bing Index Quality, came in a posting on the Bing Blog and explains URL KWS as thus:What is URL KWS?Like any other black hat technique, the goal of URL KWS, at a high level, is to manipulate search engines to give the page a higher rank than it truly deserves. The underlying idea unique to URL KWS relies on two assumptions about ranking algorithms: a) keyword matching is used and b) matching against the URL is especially valuable. While this is somewhat simplistic considering search engines employ thousands of signals to determine page ranking, these signals do indeed play a role (albeit significantly less than even a few years ago.) Having identified these perceived ‘vulnerabilities’, the spammer attempts to take advantage by creating keyword rich domains names. And since spammers’ strategy includes maximizing impressions, they tend to go after high value/ frequency/ monetisable keywords (e.g. viagra, loan, payday, outlet, free, etc…)Those are the basic mechanics that comprise the overall URL KWS concept. Looking at it a little closer, spammers employ a variety of approaches to implement this technique, resulting in a number of distinct flavours. These are some of the more common variants (note: some of the URLs mentioned below are fictitious, used to demonstrate the point) –

  • Multiple hosts, with keyword-rich hostnames: http://account.free.online.savings.samedaypaydayloansusa.com
  • Host/ domain names with repeating keywords: http://loan.payday.paydayloanspaydayloansusa.com
  • URL cluster across same domain, but varied hostnames comprised of keyword permutations
  • http://contososhoeswomen.shoesonsale.com/
  • http://bestwomensrunningsneakers.shoesonsale.com/
  • http://discountrunningapparelforwomen.shoesonsale.com/

URL squattingThis is a little different as the spammer is playing on a human tendency to misspell keywords & in effect syphoning traffic off of existing (typically high profile/ traffic) sites
E.g. http://nytime.com(misspelling ofhttp://nytimes.com), http://ebey.com (misspelling of http://ebay.com)It’s important to note, however, that certainly not all URLs containing multiple keywords are URL KWS spams. In fact, majority are perfectly legitimate non-spam URLs (e.g. http://www.nytimes.com/2011/08/25/opinion/how-to-fix-our-math-education.html.) To ensure high detection precision, this detection technique is typically used in combination with other signals (more on this below.)Addressing this type of spam is important because a) it is a widely used technique (i.e. significant SERP presence) and b) URLs appear to be good matches to the query, enticing users to click on them.How do we detect it?As I mentioned in the previous blog, we will not be giving out specific details on detection algorithms because spammers are likely to use that knowledge to evolve their techniques. I can, however, tell you that we look at a number of signals that suggest possible use of URL keyword stuffing, such as:

  • Site size
  • Number of hosts
  • Number of words in host/ domain names and path
  • Host/ domain/ path keyword co-occurrence (inc. unigrams and bigrams)
  • % of the site cluster comprised of top frequency host/ domain name keywords
  • Host/ domain names containing certain lexicons/ pattern combinations (e.g. [“year”, “event | product name”], http://www.turbotaxonline2014.com)
  • Site/page content quality & popularity signals

To amplify this, we try to cluster sites (by various pivots such as domain, owner, etc…) and then look for patterns of the signals listed above in the same cluster. This helps improve detection precision because spammers often create dozens/ hundreds of similar looking sites.What has been the impact on the end user & the SEO community?Users: This update impacted ~3% of Bing queries (on average ~1 in 10 URLs was filtered out per impacted query.)
SEO community: ~5M sites, comprising > 130M urls, have been impacted, resulting in upwards of 75% reduction in traffic to these sites from Bing.

  • Example queries: {hotmail login}, {bestbuy on sale}, {cheap hdtv}
  • Examples of spam sites impacted:
  • www.cheapviagrausa.com
  • www.cheapviagrapharma.com
  • www.buyviagracheapviagraergr.com
  • www.gmailloginsigninup.com

The information in this blog posting original appeared on the Bing Blog at:

Microsoft Withdraws .SKYDRIVE Application After High Court Loss

Microsoft have withdrawn their application for the .skydrive gTLD, according to a report in The Domains, after losing of a legal challenge that the technology company was infringing on a trademark of the UK broadcaster BSkyB.

BSkyB claimed Microsoft’s use of “SkyDrive” had caused confusion among the public, the BBC reported.

While Microsoft originally said they would appeal the decision, they have “now agreed to change the name worldwide after a ‘transition period’”.

Microsoft and BSkyB said in a joint statement “the settlement of this case reflects the desire of both companies to focus on joint projects to benefit their customers.”

“UK owners of Microsoft’s Xbox 360 can access Sky’s channels via the games console and there have been reports that the two are in talks for a deeper tie-up with the forthcoming Xbox One,” according to the BBC.

“In her ruling, the judge noted that customers having problems with Microsoft’s product had ended up calling the broadcaster’s helpline in the mistaken belief it was responsible for the service.”

So now that Microsoft do not have the rights to use the term SkyDrive and have agreed to change the cloud storage service’s name, they have no use for the gTLD.

Microsoft Launches ccTLD Registry Security Assessment Service

Microsoft have announced the launch of their new Country Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.The announcement of the new service by Microsoft Security Staff is republished below:Microsoft Offers Security Assessment Service for Country-Code Top-Level Domain Registries (ccTLD)
The exploitation of vulnerabilities specific to country-code top-level domain (ccTLD) registries has become an increasingly common problem, especially in relatively small markets around the world. A ccTLD is an internet domain registry generally used or reserved for a country, a sovereign state, or a dependent territory, such as .co.uk (for United Kingdom) or .fr (for France). This allows web sites to be associated with their specific country, territory or geographic location and it provides the foundation for internet experiences by ensuring people using the internet reach the services they expect. Today, over 300 country-code top-level domain name registries are responsible for servicing hundreds of millions of domain names worldwide.Attacks on ccTLDs have far-reaching effects on private individuals, large and small companies, non-profits, and government organizations. Individuals attempting to reach certain web services may be redirected to inappropriate content where their computers can become infected by malware, putting their personal information at risk. Additionally, it is difficult for people to determine whether the problem is with the ccTLD or the organization that runs the service they are trying to reach. This often results in an erosion of confidence in online service providers when, in fact, they had nothing to do with the incident.Today, at the information security RSA Conference in San Francisco, Scott Charney, Microsoft’s corporate vice president for Trustworthy Computing, announced during his keynote the availability of our new Microsoft Country-Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.The Online Services Security and Compliance team (OSSC) that I lead is responsible for securing Microsoft’s cloud infrastructure and data centers that host over 200 cloud services for more than one billion customers, over 20 million businesses and 76 markets worldwide. We are pleased to be able to provide this service to the greater online community and share many of the lessons we have experienced in our own environment.Microsoft’s History of Support for Country-Code Top-Level Domain RegistriesThe OSSC team works closely with industry groups such as the Internet Corporation for Assigned Names and Numbers (ICANN) that manages market domain name registries. Many of the companies that manage ccTLD registries are small organizations that may lack the resources to protect themselves from the constant onslaught of attacks. In the past three months, we observed several domain registry attacks that have occurred worldwide. Like the rest of the online community, Microsoft has also had to defend our web services against these types of attacks.Microsoft has been working with industry peers to support and urge ccTLD operators to adopt important security practices. We have also participated in efforts to work with the ICANN community to provide more oversight in ensuring members adopt these practices. While both of these steps are positive for the industry, our new service is an effort to provide more support.Microsoft’s Country-Code Top-Level Domain (ccTLD) Registry Security Assessment ServiceMicrosoft’s ccTLD Registry Security Assessment service is based on an existing internal program that we use to better protect our own web and online services. It provides scanning and reporting of security vulnerabilities of a ccTLD’s externally-facing web applications and servers. After requesting the security assessment service, ccTLDs will receive a vulnerability assessment report. If vulnerabilities are discovered, Microsoft will provide a consultation with guidance on how to remediate the problems. We will also provide periodic re-scanning to help ccTLDs continue to protect their domain registry services on an ongoing basis. Microsoft will also offer free secure development guidance and operations best practices that we employ in Microsoft’s own cloud environment.The service is available to any top-level domain registries, including country-code top-level domain (ccTLD), generic top-level domain (gTLD) and sponsored top-level domain (sTLD).How ccTLD Operators Can Receive the ServiceIf you own a domain registry and are seeking a solution to help identify vulnerabilities and receive guidance that may help to improve the security of your service, please visit: http://technet.microsoft.com/en-us/security/jj992598 to schedule an assessment.Through programs and initiatives like these, we hope to help create a safer, more trusted online experience for everyone and support a dynamic environment for increasing the dialogue and sharing of best practices within our industry.Pete Boden
General Manager
Online Services Security & ComplianceThis announcement by Microsoft Security Staff was sourced from:

Microsoft Raid To Disable Botnet Sees Seizure of 800 Domains

Microsoft announced it had, in conjunction with the financial services industry successfully executed a coordinated global action against some of the most notorious cybercrime operations that fuel online fraud and identity theft.

As part of the operation, Microsoft and its partners took down two Internet Protocol addresses behind the Zeus command and control structure, and Microsoft is currently monitoring 800 domains secured in the operation, which are helping identify thousands of computers infected by Zeus.

The legal and technical action led to a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry action against this cybercriminal organisation.

Partners in the operation were Information Sharing and Analysis Center (FS-ISAC) and NACHA – The Electronic Payments Association and Kyrus Tech Inc.

Through an extensive and collaborative investigation into the Zeus threat, Microsoft and its banking, finance and technical partners discovered that once a computer is infected with Zeus, the malware can monitor a victim’s online activity and automatically start keylogging, or recording a person’s every keystroke, when a person types in the name of a financial institution or ecommerce site. With this information, cybercriminals can steal personal information that can be used for identity theft or to fraudulently make purchases or access other private accounts. In fact, since 2007, Microsoft has detected more than 13 million suspected infections of the Zeus malware worldwide, including approximately 3 million computers in the United States alone.

“With this action, we’ve disrupted a critical source of money-making for digital fraudsters and cyberthieves, while gaining important information to help identify those responsible and better protect victims,” said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit. “The Microsoft Digital Crimes Unit has long been working to combat cybercrime operations, and today is a particularly important strike against cybercrime that we expect will be felt across the criminal underground for a long time to come.”

For more detailed information on the operation, see the New York Times report titled Microsoft Raids Tackle Internet Crime at www.nytimes.com/2012/03/26/technology/microsoft-raids-tackle-online-crime.html and the Microsoft news release Microsoft Joins Financial Services Industry to Disrupt Massive Zeus Cybercrime Operation That Fuels Worldwide Fraud and Identity Theft at www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx.

Microsoft Pays Bankrupt Nortel $7.5m For 666,624 IP Addresses

With IPv4 addresses becoming scarce, prices are booming. One consequence of this is Microsoft recently agreeing to buy almost two-thirds of a million IPv4 addresses for $7.5 million, or $11.25 per address, through a Delaware bankruptcy court from Nortel. The announcement came in the 23 March edition of the Dow Jones Daily Bankruptcy Report writes Milton Mueller on the Internet Governance blog.The sale, while not finalised yet, has approval from the Delaware bankruptcy court to proceed and subject to ARIN’s compliance process. And it signals a market value for IPv4 addresses says Bill St. Arnaud, described as one of Canada’s most prominent technology visionaries, writing on Network World.”Accountants and lawyers will now be scrambling to include address space as a new asset class in an organization’s balance sheet and debating how fungible IPv4 addresses actually are. Universities, research institutions and R&E networks, particularly in North America and Western Europe, who have a large number of unallocated address blocks will discover that their net worth has increased significantly overnight,” writes St Arnaud.”However, I would argue that this does not represent the total value of an IPv4 address. It is much closer to $200 or more per IP address. In reality IPv4 address represent energy consumption and can be expressed in energy equivalence of Kwh. In general a fixed IP address is used for servers such as web hosting, databases, computing etc.”While dynamic IP addresses are assigned to client computers such as PCs. A reasonable assumption is that each fixed and dynamic IP address is a proxy for 100W consumption. Servers will consume more power per IP address, but one must take into account that there are multiple addresses per server such as loopback addresses, etc. At 100 watts consumption, assuming 10 cents per KwH over a 3 year life span of a server represents a cost in excess of $200.”To read more of Bill St. Arnaud’s posting, see www.networkworld.com/community/node/72501.

Ex-Microsoft Manager In Domain Name Scandal

Former Microsoft (NSDQ:MSFT) domain manager Carolyn Gudmundson pleaded guilty to submitting false expense claims for buying and registering domain names to the tune of $1 million, according to sentencing records from the U.S. District Court in Seattle.

Microsoft had no comment on the case.

Gudmundson was ordered to serve 22 months in prison and pay restitution of $923,641 to the Redmond, Wash.-based Microsoft.

Gudmundson pleaded guilty to a total of 18 counts: 11 counts of wire fraud and seven counts of mail fraud. Gudmundson was originally indicted in December 2007.

According to court documetns, Gudmundson worked at Microsoft from 1987 to 2004 and was the sole person responsible for maintaining Microsoft’s some 14,000 domain names, as well as the myriad domain names owned by the Expedia travel site. Gudmundson resigned after Microsoft discovered her transgressions.

Court papers said that beginning in June 2000, Gudmundson began submitting fraudulent travel and expense reports to Microsoft for reimbursement. She had previously been authorized by her manager to use her Microsoft corporate American Express card to expedite the purchase of domain name registrations, renewals, transfers and acquisitions.

Original article : http://www.crn.com/software/209400603