Cybercrims dump email for irresistible Twitter, Facebook spam

Thanks for the fake Viagra link, mum

Cybercrooks have quit pouring barrels of spam into email inboxes in favour of hassling marks on social networks as an easier way to make money.

The dismantling of remote-controllable armies of compromised PCs, the collapse of some shady affiliate advertising networks, and better spam-filtering technology have all resulted in a decrease in traditional email spam delivery.

However, dodgy messaging to promote sites selling knock-off goods, pills to enhance performance beneath the sheets, and other tat, has only been displaced rather than destroyed. Twitter and Facebook have both become primary conduits for spam in the process - and the messages sent usually look far more convincing.

Paul Judge, chief research officer at Barracuda Networks, said that one in 100 tweets on Twitter and one in 60 messages on Facebook were either spam or malicious. The switch from email was an obvious move for crooks because social networks are where the majority of internet users spend their time, Judge told delegates at Barracuda's technical conference in Munich on Friday.

"Wherever users are attackers will follow," he explained.

Judge described automated tools used to set up fake accounts on Facebook. These accounts use like-jacking (a form of click-jacking), among other techniques, to trick users into landing on pages that promote survey scams, earning miscreants affiliate revenue in the process. The nuisance level created by fake accounts is not in proportion to their actual number, which Judge admitted was hard to quantify. He compared the situation to the early days of email spam.

"Tools are available to automatically generate a profile and make it look like a real user by adding likes and places of education attended, for example," Judge explained. Fake profiles are very different from legitimate profiles: 97 per cent of fakes are female, compared to 40 per cent of the real population on Facebook, and 58 per cent claim to be bisexual females, compared to 6 per cent of the real female users of the social network who say they like both men and women. Fake profiles also tend to have "more friends", 726 on average compared to the 130 average for the general Facebook population.

Creating a snowball of spam

Spammers also use fake fan pages, featuring big names such as Harry Potter and Nike, to promote dodgy links - a situation Judge described as "out of control". Once established, the bogus pages are linked up by the fake profiles through wall posts and photo tagging to gain extra traction and can attract hundreds of thousands of likes from misled punters in just a few days.

“If a person likes a page, they can be tagged in a photo with 50 other people who each have hundreds of friends. Thousands can be reached from one photo, making the process very efficient,” Judge explained. The photo has a comment underneath containing a malicious link that poses as a link to more photographs.

"Facebook could make changes to restrict the utility of photo tagging to spammers by, for example, only allowing the photo tagging of someone you are already friends with but this would reduce the overall number of page views."

Twitter is also extensively used by spammers: fake accounts can be created far more easily than on Facebook via a trivial scripted process that involves submitting only a name, email address and password. Fake accounts either mention legitimate users or comment on trending topics in order to trick surfers into following dodgy links. Many fake accounts can be recognised by following a large number of people but having few people following them back.

Stephen Pao, vice president of product management at Barracuda, said that much the same groups involved in email spam have moved over to peppering social networks with junk messages. "It's the same ecosystems and you can see examples of spam campaigns that start in email moving onto social networks," he explained.

Exploit kits and "Facebook cloaking tools" are being offered for sale in underground cybercrime marketplaces in much the same way tools that automated the process of email spamming have long been flogged, he added.

Google+ and LinkedIn have also attracted some malicious activity but the lack of software interfaces to automate message sending, and weak popularity in terms of sheer numbers of visitors, have made these less of a target for spammers than either Twitter or Facebook. Spam on Pinterest and Foursquare remains a nascent problem.

"It's more dangerous than the early days of email spam because you get a link ostensibly sent to you by your friend or mum rather than a bank you don't do business with," Pao concluded. ®
