Botnets target social networks with spam
Life can be short for bogus profiles, but the spam keeps on coming
By John P. Mello, Jr.
April 22, 2013 — CSO — Life for a phony profile on Twitter may be short, but it isn't deterring spammers from continuing to work their scams on social networkers, says one security researcher.
Bots aimed at Twitter are usually easily identified and shut down, but they're quickly recreated, Kaspersky Lab security expert Vicente Diaz wrote on Monday.
Diaz cited one porn campaign targeting Twitter that included more than 5,000 bots and was creating more, at the rate of 250 a day. A bot is a compromised computer that's part of larger network, called a botnet, controlled by a cyber criminal, also known as a botmaster.
That rapid rate of bot creation is necessary because their life span is smaller than a Mayfly's. "For some campaigns the half-life of the fake profiles is as low as 45 minutes," Diaz wrote.
The campaigns can be very effective when they're combined with hijacked accounts, he added. "Social media is a good environment for convincing people to click on something that they shouldn't," said Wade Williamson, a senior security analyst with Palo Alto Networks.
That's especially true of Twitter, which typically consists of a brief message and a link. The form of those links also helps spammers conceal their motives. "Many Twitter messages use shortened URLs," Williamson said. "Once those URLs are shortened, you can't see if you're being taken to a place that looks suspicious."
Spammers have also found social media superior to their old standby email for delivering their junk. "Over the years, we've trained people to be suspicious of email," Williamson said. "People really don't have as much experience with that in social media."
On Facebook, many spammers try to lure their victims to websites where infected malware can be pushed to their computers with enticing messages, said Bianca Dima, a security specialist with Bitdefender.
[Slide show: 15 social media scams]
Topping the list of a recent Bitdefender survey of the most popular enticing messages used by spammers on Facebook over the last six months was one that claimed it could show who was stalking you on the social network.
"The scam is very popular in English, but the French and Spanish are also falling for this trap," Dima said in an interview. "They want to see their stalkers and their ex-lovers."
Messages containing links to putative sex tapes are also popular among spammers, she added. Prime attractions in that category are Rianna and Tayor Swift.
Spammers like social media because it gives their messages credibility. "If you see something on your friend's Timeline, you believe it," Dima said.
While social networks like Twitter and Facebook have made great strides in combating spam and scams on their systems, miscreants will continue to mine the networks for victims because there's plenty of cash to be earned from their efforts.
"They can make 1,000 to 10,000 percent profit on a campaign," said Don Jackson, a senior security researcher at Dell SecureWorks.
In fact, the scam artists have their activity down to a science. "The groups that run the botnets have studies to tell them how many successful Twitter accounts you need to successfully seed a new botnet," Jackson said.
Although still popular, social media attacks peaked with the Koobface worm in 2007 to 2008, said Mary Landesman, a senior security researcher with Cisco.
However, news events can cause a spike in activity. "An example of that occurred last week when malicious actors attempted to exploit interest in the Boston Marathon bombings and the fertilizer plant explosion in Texas," Landesman said.
"Many of these involved setting up fake charity 'scam' accounts on both Facebook and Twitter," she added.
Read more about social networking security in CSOonline's Social Networking Security section.