Spammers Target Social Networking Sites


It makes sense: spammers follow whatever is popular, and wherever the social mass is gathered and reading, they will bombard it.

In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between ‘friends’ in the system to deliver more compelling messages.

I personally haven’t seen any spam on Facebook yet, but I’m outside of the US, rather selective about my friends, networks and the information I publish there.

Social networking sites have become the new front in the war against spam, according to security watchers.

In the six months leading up to March 2008, social networking sites saw a four-fold growth in the amount of spam on their network. At several major social networking sites, 30 per cent of new accounts created are automated fraudulent ‘zombie’ accounts, designed to be used for spam and other malicious attacks, according to anti-spam firm Cloudmark.

JF Sullivan, VP of marketing at Cloudmark, said the type of spam advertised through social networks is the same type as that advertised by email spam and punted by much the same people. “There’s an implicit trust in social networking. People don’t think they’re going to be attacked with spam,” Sullivan told El Reg. “People don’t trust email anymore. Spammers are following peoples’ online habits.”

It’s scary though that 30% of new accounts are created for spam purposes, that’s a huge number! I imagine it’s a fairly simple process to search for accounts with a generated list of names and just add them all as friends…then spam them with invites to a few phishing sites.

Sometimes flaws in the sites can be used to generate messages that appear to be from people’s other friends.

Social networking spam can be messages between users or posts to walls or other similar applications. Social network spammers most often hijack accounts using fake log-in pages. Phishing-like tactics, password guessing and the use of Trojans to capture keystrokes are also in play.

Junk messages, rigged to appear as though they came from their friends, are more likely to be acted on by recipients on social networking sites compared to the same messages received by email. Social network spammers try to recruit friends by posting profile pictures that depict them as attractive young women. By recruiting people into their groups or networks it’s easier for spammers to subsequently send them spam.

All the major social networks have a problem with spam, according to Sullivan, with volumes of spam ranging from 15 to 30 per cent.

So watch your wall, it might be getting spammed soon. It’s true too that the demographic of most social networking sites is quite low on a technological level so it’s very likely that it would be easy to socially engineer them into clicking something.

Certainly something to watch out for, especially how they are going to counter it. It gets boring to say it…but educating the users is the solution – not more technological strangleholds.

Source: The Register

Posted in: Social Engineering, Spammers & Scammers, Web Hacking


7 Responses to Spammers Target Social Networking Sites

  1. Bogwitch May 22, 2008 at 9:10 am #

    As if I needed another reason to avoid social networking sites, there it is!

  2. Jinesh Doshi May 22, 2008 at 1:02 pm #

    I have seen a lot of shit on Orkut. I wonder how come you are late in posting the article.

  3. Pantagruel May 22, 2008 at 6:08 pm #

    @Jinesh Doshi

    Darknet isn’t late

    http://www.darknet.org.uk/2007/12/worm-spreading-fast-on-googles-orkut-social-network/

    And like Bogwitch said, yet another reason to scorn the likes of Facebook.
    I personally don’t get it anyway, I'd rather meet an old friend over a beer instead of splashing info on the net.

  4. Jinesh Doshi May 23, 2008 at 9:56 am #

    Point noted Pantagruel. Thanks for bringing this to my notice.

  5. lyz August 15, 2008 at 12:39 pm #

    Spamming on social networking sites is used by some as a promoting tool/technique on SEO.

  6. Navin August 15, 2008 at 6:02 pm #

    Obviously….the funniest thing in Orkut are these so called “themes” A “scrap” with a pic attached screams”if you want this theme….click here”

    Clicking takes U to the join page of a community which sends the same scrap to “all” of the new members friends (using javascript) and these communities have membership tht grows exponentially(in the lakhs)!! And U don’t even get tht damn theme!! I’ve never really figured out why people want these weird themes anyway :?

    No identities hacked….no personal info scammed out of U….but definitely VERY VERY VERY irritating!!esp. when U have quite a few duma$$ frenz who actually fall for this!!

  7. lyz August 16, 2008 at 5:37 am #

    Yap. And on Friendster or MySpace and other networking sites, you receive these chain messages that if you don’t reply a family member etc. will die.. I mean, it’s up to you if you’ll ignore em or not but really annoying. Just pieces of crap in your inbox. sigh