Botnets target social networks with spam

Life for a phony profile on Twitter may be short, but it isn't deterring spammers from continuing to work their scams on social networkers, says one security researcher.

Bots aimed at Twitter are usually easily identified and shut down, but they're quickly recreated, according to Kaspersky Lab security expert, Vicente Diaz.

Diaz cited one porn campaign targeting Twitter that included more than 5000 bots and was creating more, at the rate of 250 a day. A bot is a compromised computer that's part of larger network, called a botnet, controlled by a cyber criminal, also known as a botmaster.

That rapid rate of bot creation is necessary because their life span is smaller than a Mayfly's. "For some campaigns the half-life of the fake profiles is as low as 45 minutes," Diaz wrote.

The campaigns can be very effective when they're combined with hijacked accounts, he added. "Social media is a good environment for convincing people to click on something that they shouldn't," said Wade Williamson, a senior security analyst with Palo Alto Networks.

That's especially true of Twitter, which typically consists of a brief message and a link. The form of those links also helps spammers conceal their motives. "Many Twitter messages use shortened URLs," Williamson said. "Once those URLs are shortened, you can't see if you're being taken to a place that looks suspicious."

Spammers have also found social media superior to their old standby email for delivering their junk. "Over the years, we've trained people to be suspicious of email," Williamson said. "People really don't have as much experience with that in social media."

On Facebook, many spammers try to lure their victims to websites where infected malware can be pushed to their computers with enticing messages, said Bianca Dima, a security specialist with Bitdefender.

[Slide show: 15 social media scams]

Topping the list of a recent Bitdefender survey of the most popular enticing messages used by spammers on Facebook over the last six months was one that claimed it could show who was stalking you on the social network.

"The scam is very popular in English, but the French and Spanish are also falling for this trap," Dima said in an interview. "They want to see their stalkers and their ex-lovers."

Messages containing links to putative sex tapes are also popular among spammers, she added. Prime attractions in that category are Rianna and Tayor Swift.

Spammers like social media because it gives their messages credibility. "If you see something on your friend's Timeline, you believe it," Dima said.

While social networks like Twitter and Facebook have made great strides in combating spam and scams on their systems, miscreants will continue to mine the networks for victims because there's plenty of cash to be earned from their efforts.

"They can make 1,000 to 10,000 percent profit on a campaign," said Don Jackson, a senior security researcher at Dell SecureWorks.

In fact, the scam artists have their activity down to a science. "The groups that run the botnets have studies to tell them how many successful Twitter accounts you need to successfully seed a new botnet," Jackson said.

Although still popular, social media attacks peaked with the Koobface worm in 2007 to 2008, said Mary Landesman, a senior security researcher with Cisco.

However, news events can cause a spike in activity. "An example of that occurred last week when malicious actors attempted to exploit interest in the Boston Marathon bombings and the fertilizer plant explosion in Texas," Landesman said.

"Many of these involved setting up fake charity 'scam' accounts on both Facebook and Twitter," she added.

Read more about social networking security in CSOonline's Social Networking Security section.

Join the CSO newsletter!

Error: Please check your email address.

Tags applicationssecurityData Protection | Social Networking Securitysoftwarebotnettwittersocial networksdata protectionkaspersky labpalo alto networks

More about CiscoDellFacebookKasperskyKasperskyPalo Alto NetworksSecureWorks

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John P. Mello

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts