Pondering All The Strange (Chinese?) Accounts Joining My Email Newsletter List...
October 24, 2011
I have been amazed - and I can't for the life of me understand WHY this is going on.
For my VERY infrequently issued email newsletter, A View From The Crow's Nest, I've seen probably 50 subscriptions over the last month from email accounts with very bizarre names - both names of email address and also the first and last names of the users. They pretty much all have come from accounts at:
- hotmail.com
- tom.com
- 163.com
- sohu.com
- yeah.net
Now, in looking at those sites... outside of hotmail.com, they are all Chinese-language sites.
Did my (English-only!) blogs get on some list for people to read in China?
... and some % of those people decided to actually subscribe to my (again, English-only) email newsletter?
I find this hard to believe, particularly when Google Analytics shows NO increased visitation to any of my sites from China or Chinese-language browsers.
Is something else going on here? The IT security part of my brain was spiked into high paranoia by the patterns in the last names that were entered into the subscription form. The vast majority of these "last names" were either:
- andeson
- aifseng
- billaa
- John
And the "first names" make no sense as an English name. Here's a screenshot showing some recent subscriptions (with, yes, some info deliberately hidden):
This pattern continues for several more pages.
Now, I have no real knowledge of the Chinese language. Is this perhaps a translation of Chinese characters into Roman letters by the iContact email service I use? i.e. are these perhaps legitimate subscription requests where the info is getting lost in translation?
My first thought before I realized all the sites (sans hotmail.com) were Chinese was that this was spammers subscribing to my newsletter from free email services.
But why?
I couldn't (and still can't) figure that out. What good would it do for a spammer (or other attacker) to subscribe to my email newsletter list?
Or are the subscription records bogus anyway? Are they the byproduct of attackers trying to probe the security of the signup forms? To see if they could exploit a SQL injection attack or something like that?
Or is something more widespread going on? A Google search on "aifseng", for instance, shows that "word" paired with other nonsensical (in English) "words" on a host of other sites.
Did I miss a memo about some security issue going on? Or is this the case where something is getting lost in translation?
Any ideas or info out there?
Image credit: maddercarmine on Flickr
If you found this post interesting or useful, please consider either:
- following me on Twitter;
- adding me to a circle on Google+;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.
If you found this post interesting or useful, please consider either:
- following me on Mastodon;
- following me on Twitter;
- following me on SoundCloud;
- subscribing to my email newsletter; or
- subscribing to the RSS feed.