We have recently come under a particularly persistent case of comment spam attack on the Vamsoft Community Forums. Like everybody on the Internet, our forums get spammed occasionally by spambots and humans alike, so in a way, this was an unremarkable event.
Eventually, we have decided to investigate our spammer and what we have found is a little-known secret of how automated web browsers like PhantomJS are abused by spammers for their purposes. This sort of attack dates back to at least 2013, yet little information is available on the Internet.
To help raise awareness among the web developer and administrator communities, we have published a case study on our investigation and contributed a few ideas for detecting the new kind of spambots.