Uncovering comment spammers -- what are they doing?
A lot is known about e-mail spammers, both due to lots of investigations into them and due to some "ex-spammers" talking about what they've done. And it's widely known that they're using infected PCs now.
But what about comment spam? I've been dealing with it a lot at work, and am noticing some oddities. A good amount tends to come from countries where labor can be had cheaply, and watching logs on pages with captchas suggests that they're doing it slowly enough that they're probably just doing it by hand. Unlike the scripts I'd been used to (which would just hammer out POST requests to forms as fast as they could), some spammers are now loading pages on which the comment form resides, waiting a few seconds, and then submitting the spam with a sensible HTTP referrer -- it's as if someone is actually sitting there and copying-and-pasting spam. It seems really odd to me that someone is actually sitting there manually posting spam, though.
Comment spam tends to come from a few areas of the world -- the poverty-stricken parts of Asia; Russia, Africa, and Latin America in particular -- and yet it's often hyping products in other parts of the world. Has anyone found what I'm thinking are US-owned shops paying third-world spammers? Is that what's actually happens?
And other nonsense reigns. Some of the spam getting posted to my employer's site links to sites that, according to whois records, have never existed. A LOT of other spam has egregious formatting errors -- BBCode on a site that doesn't support it, or malformed links (mysite.com/www.spamsite.com) posted over and over again. It's like they're either so clueless that they have no idea that their spam doesn't work, or that they're just being paid by post or something and so they don't even care if the links work.
Has anyone (not necessarily personally) ever tracked down exactly what this "industry" is up to? Even though it seems like a simple extension of e-mail spam, there's a lot of odd behavior that makes me think it's actually quite different, and now I'm really curious.