There is also the possibility that the 'referrer-advertised site' is a victim, and that the actual log-spammer (comcast client or client-controlling botnet) is attacking both our sites *and* the advertised site. That would depend on the sites to which these log-spam requests are sent (IOW, this wouldn't apply to logspam sent to our presumably-legitimate sites), but the possibility exists that the spammer could also target a victim advertised site by creating a bunch of links to it from very-shady Web sites' public logs... (I have no idea if that would work to invoke a search penalty if the number of shady-site links got large enough, but the possibility exists).

So it's important as well to properly assign the 'log spammer' moniker to the controller of the log-spamming network (i.e. the bot herder), and not necessarily to the requesting IP address or hostname, or to the domain name in the referrer string.

Jim

In this instance, I think the distinction between zombie and controller is in Gary's description -- "a bot like this uses the same UA with a different referrer for every page request...". Where bad conduct is bot-specific and the referer(s) has no connection to the site hit, I consider log-spamming.

Alas, given how the UA describes itself on-site, not all 'victims' may be innocent: "[S]o spread the word and cash in! ..."