Spammers Target Social Networking Sites


It makes sense: spammers will follow whatever is popular, and wherever the social mass is gathered and reading, they will bombard.

In the earlier days Myspace was a big target, now they are moving on to other sites such as Facebook. Social networking sites are an ideal place for spammers as they can exploit the trust between ‘friends’ in the system to deliver more compelling messages.

I personally haven’t seen any spam on Facebook yet, but I’m outside of the US, rather selective about my friends, networks and the information I publish there.

Social networking sites have become the new front in the war against spam, according to security watchers.

In the six months leading up to March 2008, social networking sites saw a four-fold growth in the amount of spam on their network. At several major social networking sites, 30 per cent of new accounts created are automated fraudulent ‘zombie’ accounts, designed to be used for spam and other malicious attacks, according to anti-spam firm Cloudmark.

JF Sullivan, VP of marketing at Cloudmark, said the type of spam advertised through social networks is the same type as that advertised by email spam and punted by much the same people. “There’s an implicit trust in social networking. People don’t think they’re going to be attacked with spam,” Sullivan told El Reg. “People don’t trust email anymore. Spammers are following peoples’ online habits.”

It’s scary though that 30% of new accounts are created for spam purposes, that’s a huge number! I imagine it’s a fairly simple process to search for accounts with a generated list of names and just add them all as friends…then spam them with invites to a few phishing sites.

Sometimes flaws in the sites can be used to generate messages that appear to be from people’s other friends.

Social networking spam can be messages between users or posts to walls or other similar applications. Social network spammers most often hijack accounts using fake log-in pages. Phishing-like tactics, password guessing and the use of Trojans to capture keystrokes are also in play.

Junk messages, rigged to appear as though they came from their friends, are more likely to be acted on by recipients on social networking sites compared to the same messages received by email. Social network spammers try to recruit friends by posting profile pictures that depict them as attractive young women. By recruiting people into their groups or networks it’s easier for spammers to subsequently send them spam.

All the major social networks have a problem with spam, according to Sullivan, with volumes of spam ranging from 15 to 30 per cent.

So watch your wall, it might be getting spammed soon. It’s true too that the demographic of most social networking sites is quite low on a technological level so it’s very likely that it would be easy to socially engineer them into clicking something.

Certainly something to watch out for, especially how they are going to counter it. It gets boring to say it…but educating the users is the solution – not more technological strangleholds.

Source: The Register

Posted in: Social Engineering, Spammers & Scammers, Web Hacking





7 Responses to Spammers Target Social Networking Sites

  1. Bogwitch May 22, 2008 at 9:10 am #

    As if I needed another reason to avoid social networking sites, there it is!

  2. Jinesh Doshi May 22, 2008 at 1:02 pm #

    I have seen a lot of shit on Orkut. I wonder how come you are late in posting the article.

  3. Pantagruel May 22, 2008 at 6:08 pm #

    @Jinesh Doshi

    Darknet isn’t late

    http://www.darknet.org.uk/2007/12/worm-spreading-fast-on-googles-orkut-social-network/

    And like Bogwitch said, yet another reason to scorn the likes of Facebook.
    I personally don’t get it anyway, I’d rather meet an old friend over a beer instead of splashing info on the net.

  4. Jinesh Doshi May 23, 2008 at 9:56 am #

    Point noted Pantagruel. Thanks for bringing this to my notice.

  5. lyz August 15, 2008 at 12:39 pm #

    Spamming on social networking sites is used by some as a promoting tool/technique on SEO.

  6. Navin August 15, 2008 at 6:02 pm #

    Obviously….the funniest thing in Orkut are these so called “themes”. A “scrap” with a pic attached screams “if you want this theme….click here”

    Clicking takes U to the join page of a community which sends the same scrap to “all” of the new members friends (using javascript) and these communities have membership tht grows exponentially(in the lakhs)!! And U don’t even get tht damn theme!! I’ve never really figured out why people want these weird themes anyway :?

    No identities hacked….no personal info scammed out of U….but definitely VERY VERY VERY irritating!!esp. when U have quite a few duma$$ frenz who actually fall for this!!

  7. lyz August 16, 2008 at 5:37 am #

    Yap. And on Friendster or Myspace and other networking sites, you receive these chain messages that if you don’t reply a family member etc will die.. I mean, it’s up to you if you’ll ignore em or not but really annoying. Just pieces of crap in your inbox. sigh