This may sound a bit random, but besides working on this blog, I’m an avid writer of poetry (and sometimes prose).
One of the sites I was writing on with regularity for a while was WritersCafe.org, which is known for poetry, stories, and occasionally articles and blog posts. Nonetheless, I hadn’t used it for some time, and decided to log into it yesterday.
Immediately, I noticed something was off. The site has a news feed (much like Facebook or other social media sites), on which people post new poems, etc. Often, when I tried to click on one of the new poems, I would be redirected to another site with intrusive ads on it (or worse).
Beyond that, however, I noticed other strange things. The news feed usually announces new poems and stories that people have posted, or new members that have joined. While looking through the feed, there appeared to be a number of fake “people” that had “joined” the site (kind of like spam profiles on Facebook or Tinder). Some of them even featured partial nudity in the profile photos (which is uncommon):
Also, some of these so-called “profiles” were posting fake “poems” that were also spam ads:
According to my research, these ads were served by Revdepo.com, which is used by the RevenueHits ad network. Specifically, the malicious site was cdn1.srv.revdepo.com (please don’t click that link; it’s a pain in the ass.) If you accidentally (or purposely) clicked the links on some of these pages, you would be redirected to a site connected with that ad network in some way.
It seems to be a form of adware which, while annoying, isn’t going to be stealing my bank credentials or sending SWAT teams to my house (in theory).
Another oddity: WritersCafe.org does normally have banner ads, but generally they use something like Google AdSense. Be that as it may, even the normal Google Ads appeared to have been hijacked.
Overall, it wasn’t a big deal, and I was actually able to block most of the adware with some of the plugins I’ve reviewed in previous posts (like Privacy Badger and Adblock Fast)!
It does, however, make me wonder what other sites have been hijacked by this particular form of adware. And it also makes me wary, because I know that there are much worse forms of malware out there.
I’ll say this – if you’re a webmaster of any sort, keep an eye out for this adware (and other, more malicious types). It’s not the most harmful one by any means, but it’s a real pain in the ass for your visitors!!
Hey, at least this wasn’t CSI: Cyber; then there might be two codes on top of each other!