Stardate 20030522.1939

(Captain's log): I started noticing something really strange in my referer logs a couple of days ago. Certain loads of specific articles seem to have been referred from a sex site. My first suspicion was that it was some sort of spoofing crawler; there's actually a company out there who offered to push URLs into referer logs for customers so that people like me who monitor their refers closely would go look at them.

I grepped my logfile for all the people who actually had shown those particular two referring sites, expecting that it would turn out to be a pretty consistent IP or range of IPs doing it. But in actuality, they turned out to be all over the place. There was a company in Goettingen, some system in Portugal, a public school in Tallahassee, a public library in Texas, something in Taiwan, something in Australia; it's coming from all over.

From which there really can only be two possibilities. Either those pages really do have some sort of refer to me (and I reluctantly looked, and they don't) or there's some weird viral program or trojan or other kind of thing moving around which is making it so that every refer reported by a browser on the infected computer is bogus and points to these sex sites. If so, this is a first.