22 May 2008 | 3,584 views

Spammers Target Social Networking Sites

Check Your Web Security with Acunetix

It makes sense, spammers will follow whatever is popular, wherever the social mass is at and reading they will bombard.

In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between ‘friends’ in the system to deliver more compelling messages.

I personally haven’t seen any spam on Facebook yet, but I’m outside of the US, rather selective about my friends, networks and the information I publish there.

Social networking sites have become the new front in the war against spam, according to security watchers.

In the six months leading up to March 2008, social networking sites saw a four-fold growth in the amount of spam on their network. At several major social networking sites, 30 per cent of new accounts created are automated fraudulent ‘zombie’ accounts, designed to be used for spam and other malicious attacks, according to anti-spam firm Cloudmark.

JF Sullivan, VP of marketing at Cloudmark, said the type of spam advertised through social networks is the same type as that advertised by email spam and punted by much the same people. “There’s an implicit trust in social networking. People don’t think they’re going to be attacked with spam,” Sullivan told El Reg. “People don’t trust email anymore. Spammers are following peoples’ online habits.”

It’s scary though that 30% of new accounts are created for spam purposes, that’s a huge number! I imagine it’s a fairly simple process to search for accounts with a generated list of names and just ass them all as friends…then spam them with invites to few phishing sites.

Sometimes flaws in the sites can be used to generate messages that appear to be from people’s other friends.

Social networking spam can be messages between users or posts to walls or other similar applications. Social network spammers most often hijack accounts using fake log-in pages. Phishing-like tactics, password guessing and the use of Trojans to capture keystrokes are also in play.

Junk messages, rigged to appear as though they came from their friends, are more likely to be acted on by recipients on social networking sites compared to the same messages received by email. Social network spammers try to recruit friends by posting profile pictures that depict them as attractive young women. By recruiting people into their groups or networks it’s easier for spammers to subsequently send them spam.

All the major social networks have a problem with spam, according to Sullivan, with volumes of spam ranging from 15 to 30 per cent.

So watch your wall, it might be getting spammed soon. It’s true too that the demographic of most social networking sites is quite low on a technological level so it’s very likely that it would be easy to socially engineer them into clicking something.

Certainly something to watch out for, especially on how they are going to counter it. It’s gets boring to say it…but educating the users is the solution – not more technological strangleholds.

Source: The Register



Recent in Social Engineering:
- A Story Of Social Engineering – How @N Lost His $50,000 Twitter Handle
- FoxOne Free OSINT Tool – Server Reconnaissance Scanner
- Hacker On Hacker Action – Zeus Botmaster Targets Anonymous Supporters

Related Posts:
- Save Your Reputation Online with ReputationDefender
- Koobface Worm Variant Hits Facebook
- Teen Data Exposed on Myspace

Most Read in Social Engineering:
- How to get Ops and takeover a channel on IRC Hack Hacking - 172,883 views
- Domain Stealing or How to Hijack a Domain - 40,887 views
- Michael Jackon Spam/Malware – RIP The King Of Pop - 25,511 views

Low-cost VPS Hosting

7 Responses to “Spammers Target Social Networking Sites”

  1. Bogwitch 22 May 2008 at 9:10 am Permalink

    As if I needed another reason to avoid social networking sites, there it is!

  2. Jinesh Doshi 22 May 2008 at 1:02 pm Permalink

    I have seen a lot of shit on Orkut. I wonder how come you are late in posting the article.

  3. Pantagruel 22 May 2008 at 6:08 pm Permalink

    @Jinesh Doshi

    Darknet isn’t late

    http://www.darknet.org.uk/2007/12/worm-spreading-fast-on-googles-orkut-social-network/

    And like bogwith said, yet another reason to scorn the likes of facebook.
    I personally don’t get it anyway, I rather meet a old friend over a beer nstead of splashing info on the net.

  4. Jinesh Doshi 23 May 2008 at 9:56 am Permalink

    Point noted Pantagruel. Thanks for bringing this to my notice.

  5. lyz 15 August 2008 at 12:39 pm Permalink

    Spamming on social networking sites are used by some as a promoting tool/technique on SEO.

  6. Navin 15 August 2008 at 6:02 pm Permalink

    Obviously….the funniest thing in Orkut are these so called “themes” A “scrap” with a pic attached screams”if you want this theme….click here”

    Clicking takes U to the join page of a community which sends the same scrap to “all” of the new members friends (using javascript) and these communities have membership tht grows exponentially(in the lakhs)!! And U don’t even get tht damn theme!! I’ve never really figured out why people want these weird themes anyway :?

    No identities hacked….no personal info scammed out of U….but definitely VERY VERY VERY irritating!!esp. when U have quite a few duma$$ frenz who actually fall for this!!

  7. lyz 16 August 2008 at 5:37 am Permalink

    Yap. And on Friendster or myspace and other networking sites, you receive this chain messages that if you don’t reply a family member etc will die.. I mean, it’s up to you if you’ll ignore em or not but really annoying. Just pieces of crap on you inbox. sigh