It makes sense: spammers follow whatever is popular, and wherever the social mass is gathered and reading, they will bombard.
In the earlier days Myspace was a big target; now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between ‘friends’ in the system to deliver more compelling messages.
I personally haven’t seen any spam on Facebook yet, but I’m outside of the US, rather selective about my friends, networks and the information I publish there.
Social networking sites have become the new front in the war against spam, according to security watchers.
In the six months leading up to March 2008, social networking sites saw a four-fold growth in the amount of spam on their network. At several major social networking sites, 30 per cent of new accounts created are automated fraudulent ‘zombie’ accounts, designed to be used for spam and other malicious attacks, according to anti-spam firm Cloudmark.
JF Sullivan, VP of marketing at Cloudmark, said the type of spam advertised through social networks is the same type as that advertised by email spam and punted by much the same people. “There’s an implicit trust in social networking. People don’t think they’re going to be attacked with spam,” Sullivan told El Reg. “People don’t trust email anymore. Spammers are following people’s online habits.”
It’s scary though that 30% of new accounts are created for spam purposes, that’s a huge number! I imagine it’s a fairly simple process to search for accounts with a generated list of names and just add them all as friends…then spam them with invites to a few phishing sites.
Sometimes flaws in the sites can be used to generate messages that appear to be from people’s other friends.
Social networking spam can be messages between users or posts to walls or other similar applications. Social network spammers most often hijack accounts using fake log-in pages. Phishing-like tactics, password guessing and the use of Trojans to capture keystrokes are also in play.
Junk messages, rigged to appear as though they came from their friends, are more likely to be acted on by recipients on social networking sites compared to the same messages received by email. Social network spammers try to recruit friends by posting profile pictures that depict them as attractive young women. By recruiting people into their groups or networks it’s easier for spammers to subsequently send them spam.
All the major social networks have a problem with spam, according to Sullivan, with volumes of spam ranging from 15 to 30 per cent.
So watch your wall, it might be getting spammed soon. It’s true too that the demographic of most social networking sites is quite low on a technological level so it’s very likely that it would be easy to socially engineer them into clicking something.
Certainly something to watch out for, especially how they are going to counter it. It gets boring to say it…but educating the users is the solution – not more technological strangleholds.
Source: The Register