Feeds

Cybercrims dump email for irresistible Twitter, Facebook spam

Thanks for the fake Viagra link, mum

Using blade systems to cut costs and sharpen efficiencies

Cybercrooks have quit pouring barrels of spam into email inboxes in favour of hassling marks on social networks as an easier way to make money.

The dismantling of remote-controllable armies of compromised PCs, the collapse of some shady affiliate advertising networks, and better spam-filtering technology have all resulted in a decrease in traditional email spam delivery.

However, dodgy messaging to promote sites selling knock-off goods, pills to enhance performance beneath the sheets, and other tat, has only been displaced rather than destroyed. Twitter and Facebook have both become primary conduits for spam in the process - and the messages sent usually look far more convincing.

Paul Judge, chief research officer at Barracuda Networks, said that one in 100 tweets on Twitter and one in 60 messages on Facebook were either spam or malicious. The switch from email was an obvious move for crooks because social networks are where the majority of internet users spend their time, Judge told delegates at Barracuda's technical conference in Munich on Friday.

"Wherever users are attackers will follow," he explained.

Judge described automated tools used to set up fake accounts on Facebook. These accounts use like-jacking (a form of click-jacking), among other techniques, to trick users into landing on pages that promote survey scams, earning miscreants affiliate revenue in the process. The nuisance level created by fake accounts is not in proportion to their actual number, which Judge admitted was hard to quantify. He compared the situation to the early days of email spam.

"Tools are available to automatically generate a profile and make it look like a real user by adding likes and places of education attended, for example," Judge explained. Fake profile are very different from legitimate profiles: 97 per cent of fakes are female, compared to 40 per cent of the real population on Facebook, and 58 per cent claim to be bisexual females, compared to 6 per cent of the real female users of the social network who say they like both men and women. Fake profiles also tend to have "more friends", 726 on average compared to the 130 average for the general Facebook population.

Creating a snowball of spam

Spammers also use fake fan pages, featuring big names such as Harry Potter and Nike, to promote dodgy links - a situation Judge described as "out of control". Once established, the bogus pages are linked up by the fake profiles through wall posts and photo tagging to gain extra traction and can attract hundreds of thousands of likes from misled punters in just a few days.

“If a person likes a page, they can be tagged in a photo with 50 other people who each have hundreds of friends. Thousands can be reached from one photo, making the process very efficient,” Judge explained. The photo has a comment underneath containing a malicious link that poses as links to more photographs.

"Facebook could make changes to restrict the utility of photo tagging to spammers by, for example, only allowing the photo tagging of someone you are already friends with but this would reduce the overall number of page views."

Twitter is also extensively used by spammers: fake accounts can be created far more easily than on Facebook via a trivial scripted process that involves submitting only a name, email address and password. Fake accounts either mention legitimate users or comment on trending topics in order trick surfers into following dodgy links. Many fake accounts can be recognised by following a large number of people but having few people following them back.

Stephen Pao, vice president of product management at Barracuda, said that much the same groups involved in email spam have moved over to peppering social networks with junk messages. "It's the same ecosystems and you can see examples of spam campaigns that start in email moving onto social networks," he explained.

Exploit kits and "Facebook cloaking tools" are been offered for sale in underground cybercrime marketplaces in much the same way tools that automated the process of email spamming have long been flogged, he added.

Google+ and LinkedIn have also attracted some malicious activity but the lack of software interfaces to automate message sending, and weak popularity in terms of sheer numbers of visitors, have made these less of a target for spammers than either Twitter or Facebook. Spam on Pinterest and Foursquare remains a nascent problem.

"It's more dangerous than the early days of email spam because you get a link ostensibly sent to you by your friend or mum rather than a bank you don't do business with," Pao concluded. ®

Boost IT visibility and business value

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.