This gibberish spam doesn't make much sense, pardon the pun. The spambot isn't inserting any actual links. My wikis are getting spammed with short text strings like "copasnotra" and "romonboel". Based on my limited understanding of spambots, it seems like the bots are making these changes as a prelude to doing something else.
After some further investigation, some interesting clues emerge. This "gibberish spambot" is evidently generating fake user accounts. I deleted hundreds of fake accounts last night from the four wiki databases that we run. The spambot is surprisingly doing something that should make it easy to stop them: all of their fake user accounts include an email address from the ".ru" domain. The user names are all different, but the spambot only uses a limited number of fake email addresses from the .ru domain. Would it be possible to reject user registrations with code that rejects anything from a certain domain?
Another facet of this problem is that this spambot is using proxy ISPs or rotating fake IP addresses. In my experience, this is a common method that spambots use to defeat easy anti-spam measures like server level IP blocking.
Now that I think about it, I may have thwarted the final stage of this bot's activities by implementing that spam hack that stops hidden DIV spam. But our wikis are still getting hit hard by the "gibberish spam". It's unclear if the hidden DIV spam and the gibberish spam are part of the same spambots suite of attacks.
Chuck