Hey you,
BE IN THE KNOW!

35,000 ransomware infections per month and you still believe you are protected?

Sign up to receive:

  • alerts
  • news
  • free how-to-remove guides

of the newest online threats - directly to your inbox:


Get Rid of Referral Spam Leading to Semalt from Google Analytics

spam-refferral-smalt-sensorstechforumA number of website URLs linking to Semalt Media’s website have been reported to be associated with numerous referral spam messages sent out all across the globe on various websites. The spam affects predominantly websites which do not have adequate spam protection and which are not monitored to often. All users, as well as website publishers, should be aware that this spam can quickly devaluate Google Analytics data of a site and infect the ones who open the spammed web links with malware and unwanted programs as well as involve them in various scams.

Threat Summary

NameSemalt
TypeReferral Spam.
Short DescriptionSoftware which spams different URLs to boost traffic to them and to quickly devaulate the statistics on targeted sites..
SymptomsSpams contain several specific spammed URLs which redirect to third-party sites. The default domains of those URLs redirect to Semalt’s web page.
Distribution MethodWeb Crawlers and Ghost Referrals
Detection Tool See If Your System Has Been Affected by Semalt

Download

Malware Removal Tool

User ExperienceJoin our forum to Discuss Semalt Spam Campaings.

How Do Semalt Spam Links Distribute

Since the spammers behind Semalt have used a massive spam campaign, according to Incapsula researchers, the spammers may have used two types of spamming software:

Web Crawlers or Spiders

This type of spamming software “crawls” though different pages to collect information about how often are the sites of those pages modified by administrators and other criteria. After it has gathered enough data, it may initiate a massive spam campaign on certain URLs, previously assigned to it from a specific “hitlist”. And what is worse is that reports by Incapsula indicate that when official Google bots crawl to scan for web links they begin to index the referral spammed web links and therefore boost the SEO of the spammed web site, in this case, Semalt.

Ghost Referral Spam

Even though it has not been officially confirmed, Semalt Referral Spam may also be redistributed via ghost referrals. Such spam is more sophisticated and more targeted than massive. It takes advantage of the free HTTP protocol to connect remotely to the website and spam while not even being on the website itself. It is extremely effective and is very hard to be removed.

Both off those spam methods can be utilized via very expensive spam campaigns, and they are something you DO NOT want to have on your website. Besides regular checks for spam, they should be permanently blocked on your web server because they have the potential to quickly devaluate the data of Google Analytics websites. And the damage done by such spammed URLs may even be more. For example, Ghost Referrals can target specific aspects of Google Analytics data to devaluate. And not only this, but it may also lead to malicious web pages that may infect the users of the website with malware, and make them never come back to your site again.

More Information About the Semalt Referral Spam

As soon as the spam is initiated, it may be in messages that contain web links which originate from the following domains:

  • http://semalt.semalt(.)com
  • HTTP:// keywords-monitoring-your-success.com
  • HTTP:// free-video-tool.com

Also, researchers have identified that the following IP addresses were belonging to spam bots spreading web links redirecting to Semalt’s main web page:

  • 186.214.178.98
  • 24.218.171.58
  • 79.49.195.113
  • 187.112.50.169

In addition to that, the spammers are reported to use a very dangerous software, called QtWebKit, which allows them to perform different activities, like executing different JavaScript. Also, further reports indicate that these spam bots may be doing the spamming from infected machines and hence be spread via different malware, like botnet malware, for example. Malware researchers report that Semalt may have used the Soundfrost botnet which might have allowed them to infect hundreds of thousands of computers all over the world, primarily in South America.

More Information on Semalt

The website itself appears to be a website that offers a variety of services to users as well as websites:

semalt-redirect-keywords-ref-spam-sensorstechforum

Besides the products it offers, Semalt’s website also pretends to offer to analyze a website’s potential for free by scanning for keywords and other statistics:

semalt-website-potential analysis

However, the website wants money from users to show the report for its analysis. It offers various SEO tools and even to create websites for its clients.

Stop Semalt Referral Spam from Your Computer

Since referral spam associated with Semalt may link to many third-party websites, trying to boost their traffic by using spamming methods, users can never be too sure what type of websites the web links will lead them to. Not only this, but such spam is mainly a menace for website publishers since it devaluates their analytics data quickly and makes research based on it impossible. This is why we advise you to use some of the following instructions and hopefully block this spam and protect yourself in the future as a user.

1: Filtering Semalt in Google Analytics
1: Block Semalt from Your Server.
3: Stop Semalt via WordPress.

Vencislav Krustev

A network administrator and malware researcher at SensorsTechForum with passion for discovery of new shifts and innovations in cyber security. Strong believer in basic education of every user towards online safety.

More Posts - Website

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.