Recently, a debate sprouted on MIU (Mauritius Internet Users) mailing list about email « advertising campaigns » … It started with SM receiving unsolicited emails from an advertising agency, konetou. He carried an investigation and published his findings.

The discussion also triggered attention towards Data Protection laws and all. On my end I thought of analyzing the activities of the agency & how it collects email addresses. It was clear that SM didn’t subscribe to any newsletter from the said company.

Naked eye observation

During my observation I found the website linked a « Privacy Policy » in the footer. My first reaction was to read what the company published there.

In that Privacy Policy page, at the bottom of the text I noticed two lines that were in Russian that didn’t seem should be there.

They were links to another page at gss.com.ua. The links appear on several pages of the website. The nature of these links seem spam-like & they might have been inserted by exploiting the CMS (Content Management System). At first glance, the website is built upon Joomla. The latter is notoriously known for often getting compromised due to improper management or negligence.

Viewing the page source displayed the following around the Russian texts: