Cybercrims dump email for irresistible Twitter, Facebook spam

Thanks for the fake Viagra link, mum

Cybercrooks have quit pouring barrels of spam into email inboxes in favour of hassling marks on social networks as an easier way to make money.

The dismantling of remote-controllable armies of compromised PCs, the collapse of some shady affiliate advertising networks, and better spam-filtering technology have all resulted in a decrease in traditional email spam delivery.

However, dodgy messaging to promote sites selling knock-off goods, pills to enhance performance beneath the sheets, and other tat has only been displaced rather than destroyed. Twitter and Facebook have both become primary conduits for spam in the process - and the messages sent usually look far more convincing.

Paul Judge, chief research officer at Barracuda Networks, said that one in 100 tweets on Twitter and one in 60 messages on Facebook were either spam or malicious. The switch from email was an obvious move for crooks because social networks are where the majority of internet users spend their time, Judge told delegates at Barracuda's technical conference in Munich on Friday.

"Wherever users are attackers will follow," he explained.

Judge described automated tools used to set up fake accounts on Facebook. These accounts use like-jacking (a form of click-jacking), among other techniques, to trick users into landing on pages that promote survey scams, earning miscreants affiliate revenue in the process. The nuisance level created by fake accounts is not in proportion to their actual number, which Judge admitted was hard to quantify. He compared the situation to the early days of email spam.

"Tools are available to automatically generate a profile and make it look like a real user by adding likes and places of education attended, for example," Judge explained. Fake profiles are very different from legitimate profiles: 97 per cent of fakes are female, compared to 40 per cent of the real population on Facebook, and 58 per cent claim to be bisexual females, compared to 6 per cent of the real female users of the social network who say they like both men and women. Fake profiles also tend to have "more friends", 726 on average compared to the 130 average for the general Facebook population.

Creating a snowball of spam

Spammers also use fake fan pages, featuring big names such as Harry Potter and Nike, to promote dodgy links - a situation Judge described as "out of control". Once established, the bogus pages are linked up by the fake profiles through wall posts and photo tagging to gain extra traction and can attract hundreds of thousands of likes from misled punters in just a few days.

“If a person likes a page, they can be tagged in a photo with 50 other people who each have hundreds of friends. Thousands can be reached from one photo, making the process very efficient,” Judge explained. The photo has a comment underneath containing a malicious link that poses as links to more photographs.

"Facebook could make changes to restrict the utility of photo tagging to spammers by, for example, only allowing the photo tagging of someone you are already friends with but this would reduce the overall number of page views."

Twitter is also extensively used by spammers: fake accounts can be created far more easily than on Facebook via a trivial scripted process that involves submitting only a name, email address and password. Fake accounts either mention legitimate users or comment on trending topics in order to trick surfers into following dodgy links. Many fake accounts can be recognised by their following a large number of people while having few people following them back.
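The two signals described above and in the Facebook profile figures earlier - a lopsided following-to-follower ratio, and a friend count far above the typical user's - can be turned into a simple triage heuristic. The following is an added example written for this page, not code from Barracuda or the article; the thresholds, the `Account` fields and the sample accounts are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Account:
    handle: str
    following: int      # accounts this profile follows
    followers: int      # accounts following this profile
    friends: int = 0    # Facebook-style friend count; 0 when not applicable


# Thresholds are assumptions chosen for illustration, not published Barracuda figures.
FOLLOW_RATIO_THRESHOLD = 10.0   # following/followers above this looks like mass-following
MIN_FOLLOWING = 50              # too few follows to judge the ratio meaningfully
FRIEND_COUNT_THRESHOLD = 500    # far above the ~130 average the article cites


def follow_ratio(acct: Account) -> float:
    """Following-to-follower ratio; infinite when nobody follows back."""
    if acct.followers == 0:
        return float("inf") if acct.following > 0 else 0.0
    return acct.following / acct.followers


def suspicion_score(acct: Account) -> int:
    """Count how many of the tell-tale signals an account shows."""
    score = 0
    # Signal 1: follows many accounts but is followed by few (Twitter pattern).
    if acct.following >= MIN_FOLLOWING and follow_ratio(acct) > FOLLOW_RATIO_THRESHOLD:
        score += 1
    # Signal 2: friend count well above the general population (Facebook pattern).
    if acct.friends > FRIEND_COUNT_THRESHOLD:
        score += 1
    return score


def flag_suspicious(accounts: Iterable[Account], min_score: int = 1) -> List[str]:
    """Return handles of accounts showing at least min_score signals, for review."""
    return [a.handle for a in accounts if suspicion_score(a) >= min_score]


# Constructed sample data for the demonstration (not real accounts).
SAMPLE_ACCOUNTS = [
    Account("bot_one", following=2000, followers=15),
    Account("regular_human", following=180, followers=160, friends=130),
    Account("fanpage_pusher", following=60, followers=5, friends=726),
    Account("brand_new_user", following=30, followers=1),
]

if __name__ == "__main__":
    for a in SAMPLE_ACCOUNTS:
        print(f"{a.handle:15s} ratio={follow_ratio(a):7.1f} score={suspicion_score(a)}")
    print("flagged:", flag_suspicious(SAMPLE_ACCOUNTS))
```

The `MIN_FOLLOWING` floor matters: a genuinely new account that follows thirty people and has one follower has a high ratio but is not evidence of anything, so the ratio test only applies once an account is following enough people for mass-following to be plausible. Scores like this are a triage aid for a moderation queue, not a verdict.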

Stephen Pao, vice president of product management at Barracuda, said that much the same groups involved in email spam have moved over to peppering social networks with junk messages. "It's the same ecosystems and you can see examples of spam campaigns that start in email moving onto social networks," he explained.

Exploit kits and "Facebook cloaking tools" are being offered for sale in underground cybercrime marketplaces in much the same way that tools automating the process of email spamming have long been flogged, he added.

Google+ and LinkedIn have also attracted some malicious activity but the lack of software interfaces to automate message sending, and weak popularity in terms of sheer numbers of visitors, have made these less of a target for spammers than either Twitter or Facebook. Spam on Pinterest and Foursquare remains a nascent problem.

"It's more dangerous than the early days of email spam because you get a link ostensibly sent to you by your friend or mum rather than a bank you don't do business with," Pao concluded. ®
