Semalt Referrer Spam Campaign Powered by Malware Botnet

If you check the visitor stats and analytics for your website then you’ve likely noticed referral visits from “Semalt.”

Web CrawlerWhat is Semalt?

Semalt claims to be just another SEO tool, but its tendency to frequently probe websites have been driving website owners everywhere batty – including yours truly. (Googling “semalt crawler” will give you an idea of just how much.)

Now, Semalt tries to claim that its incessant crawling habit is fueled by the need to gather data for their SEO services. In reality, though, Semalt is carrying out a massive referrer spam campaign in efforts to boost search engine rankings.

Referrer Spam

Referrer spam often involves bulk website crawls using artificial headers that set the URL of the spammer’s choosing as the referring URL. Each crawl is logged in the server access log and the idea is this activity will generate backlinks for the referring URL on websites that have publicly-accessible access logs.

How referrer spam works
Image Credit: Incapsula

For months, Semalt’s crawlers have been bombarding websites multiple times per day, skewing the legitimate data in Google Analytics with junk visits, bogus referral data & increased bounce rates.

Ways to Block Semalt

Of course, the last thing website owners want is for their website analytics data to be tainted by Semalt’s bad SEO tactics.

Website owners can block Semalt by:

Additionally, Semalt offers website owners the option to “opt out” of being crawled, but that sounds about as safe as unsubscribing to a spam email – which you should never do. It usually results in the opposite of what you want!

The Botnet Behind Semalt

It seems as if the pesky site visits are only the tip of the Semalt spam iceberg, though.

Researchers have discovered that Semalt is using a malware-generated botnet to crawl websites. The massive botnet consists of almost 300,000 machines infected by a Trojan called “Soundfrost.”

Once Soundfrost makes its way onto a computer, it changes the default browser page, redirects the user to random sites of its choosing and tracks user browsing activity.  Majority of the infections appear to be in Brazil, but there are infected machines across the globe.

Soundfrost appears to pose as a music downloading and player app, so if you see it, think twice about downloading it.

Like this post? Follow us online by liking us on Facebook, following us on Twitter (@thechipmerchant), or circling us on Google+.