Bad bots on the rise: A look at mobile, social, porn, and spam bots.

The world of malicious mobile, social, porn, or spam robots that live on the Internet and unsuspecting users' devices

From 2012 to 2013, Incapsula, a website security firm focusing on CDN solutions such as load balancing, found that bot traffic went from 51 percent to 61.5 percent of all Internet traffic, a 10.5-percent increase. Thirty-one percent of those bots are malicious, according to data from the report.

The word "bot" means different things. For this story, a bot is a malicious mobile, social, porn, or spam robot that lives on the Internet and unsuspecting users' devices.

People errantly install mobile bots on smartphones as hidden elements of software bundles or free apps from third-party app stores. Since phone vendors do not authorize these downloads, users typically jailbreak or root their devices in order to enable a wider selection of free apps.

However, rooting disables the fundamental security that comes from being able to download and install only screened, approved apps from the phone vendor's app store.

Social bots invade user accounts, infecting social media when someone installs an application or API add-on in their Facebook or Twitter account, explains Richard Henderson, Security Strategist, FortiGuard Labs, Fortinet.

Installation grants the program permission to post to that person's Facebook or Twitter content. Sometimes the user doesn't have to grant permission for the infection to occur. It can happen automatically, says Henderson.

Social bots and malware use permissions to post and message the user's contacts with links to more malware or to counterfeit merchandise. Again, users don't realize when they install these apps that hackers have deceived them. Infected accounts can spam contact lists with thousands of messages and links to additional infections, says Henderson.

Porn bots include chat room spammers and bots that pop up on adult websites. Chat room spammers crawl the Internet looking for chat forums that use technologies such as Internet Relay Chat (IRC) and web-based chat. Porn bots invade these sites, messaging offers of free adult images via links.

Porn chat bots live on free adult websites where they pop up chat windows with pictures of attractive people saying, "I see you are from [your town here]. I live in your area. Would you like to chat?"

The chat bot determines the user's location based on their IP address.

"There's some rudimentary intelligence in those bots," says Henderson, "designed to build familiarity with the user to entice them to click to another porn site, which will require them to pay for premium content."

Spam bots are a sub-category of any of these other types of bots. "They're designed to entice people to click on a link directing them to a malware delivery site or someplace selling counterfeit goods such as fake watches, Louis Vuitton handbags, and pharmaceuticals," he adds.

Bot Threats

Mobile bots hide under the device's operating system, sending premium text messages in secret. The associated messaging services end up costing the user thousands in phone bills.

"There's no way to see that you've been sending these texts until you get your phone bill," says Henderson.

Other mobile bots quietly collect user data, sending it back to the hacker. "These bots can send the entire phone book, the contents of your text messages, and anything you type in," Henderson adds.

Still other mobile bots intercept and replace Internet-based ads with malicious forgeries. The intent is to get users to click on a bogus ad and attempt to make a purchase, according to Henderson, so the hacker can steal credit card data.

Social bots use social engineering, taking control of Facebook or Twitter user accounts and sending posts, tweets, and messages that appear to come from the user to everyone in the contact list.

People are likely to trust and click the associated links, making social bots attractive for delivering viruses, malware, and phishing attacks that collect account information. Hackers profit through ID theft and most any scheme that uses social engineering.

Porn bots generate income through a bait-and-switch up-selling approach. Users who believe they are paying to communicate with someone local receive access to premium adult content instead. Porn bots expose the enterprise to potentially damaging content such as child pornography, which causes legal entanglements, according to James Brown, Chief Experience Officer for JumpCloud.

Spam bots leave people with faulty merchandise and all sorts of link-based, secretly insinuated malware from ransomware to rootkits.

Solutions for the Enterprise

These bottom-feeding Internet robots are responsible for a variety of enterprise losses including brand damage and lost revenues from unsatisfactory, counterfeit products. Bots increase the impact of malware and social engineering through the sheer number of people they can reach almost instantaneously.

Through drive-by threats, bundled malware, and secretly-manifested financial charges, bad bots increase the financial gains of gangsters and hackers in attacks that frustrate consumers and enterprise employees.

Enterprises should monitor network traffic for all uncharacteristic, unexpected, and suspicious network behavior. In particular, traffic leaving servers for anomalous locations such as countries where the enterprise does not do business or to an Internet address that a server does not typically contact should raise red flags, according to Brown.
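The outbound-traffic check described above, as an added example that is not from the article or any vendor: it learns each server's usual destinations from a baseline window, then flags connections to new addresses or to countries outside an assumed business set. The flow records, the prefix-to-country table, and the `ZZ` country code are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed lookup: documentation-range prefixes mapped to country codes.
# "ZZ" is a placeholder; a real deployment would query a GeoIP database.
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "AU",
    ipaddress.ip_network("203.0.113.0/24"): "ZZ",
}
BUSINESS_COUNTRIES = {"US", "AU"}  # assumption: where the enterprise operates

# Constructed flow records: "day server destination_ip destination_port"
FLOWS = """\
1 web01 192.0.2.10 443
1 web01 198.51.100.7 443
2 db01 198.51.100.20 5432
3 web01 192.0.2.10 443
3 web01 203.0.113.66 6667
3 db01 192.0.2.99 443
3 db01 198.51.100.20 5432
"""

def country_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO.items():
        if addr in net:
            return cc
    return "??"  # unknown location counts as outside the business set

def find_anomalies(flow_text, baseline_days):
    """Learn each server's usual destinations, then flag departures."""
    rows = [line.split() for line in flow_text.splitlines() if line.strip()]
    baseline = defaultdict(set)
    for day, server, dst, _ in rows:
        if int(day) in baseline_days:
            baseline[server].add(dst)
    alerts = []
    for day, server, dst, port in rows:
        if int(day) in baseline_days:
            continue
        reasons = []
        if country_of(dst) not in BUSINESS_COUNTRIES:
            reasons.append("country-outside-business")
        if dst not in baseline[server]:
            reasons.append("new-destination")
        if reasons:
            alerts.append((server, dst, int(port), reasons))
    return alerts
```

Calling `find_anomalies(FLOWS, {1, 2})` treats days 1 and 2 as the baseline and evaluates day 3 against it.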

"Deploy intrusion detection and prevention systems preventing unauthorized outbound connections through corporate firewalls. Ensure that you roll out anti-virus software on all servers," says Brown. Block future outbound connections to complicit IP addresses. Reimage infected servers entirely.

With the BYOD craze comes a balancing act between corporate security and employee usability. The organization should develop a thorough BYOD strategy in response. Saying no to BYOD is no longer an option.

"Our studies say that 50-percent or more of employees, especially younger employees, will ignore a policy that does not permit BYOD. They will try to connect their devices to the corporate network," says Henderson.

It's better to develop a proper BYOD policy and enforce it. It's easier to work with most employees, keeping them happy, and regulating what they can do while addressing a much smaller number of infractions. Then when someone doesn't agree to the policy or abide by it, the enterprise can block the device or sanction the user.

A typical BYOD policy that eases employee, device, and bad bot management permits a limited number of specified devices while requiring some combination of a suite of security software, NAC, and monitoring software. Many enterprises use containerization on the device or technologies that permit access only to a virtual image or representation of corporate data such that actual data never leaves the enterprise perimeter.

The enterprise should be able to satisfy employees who are concerned about data monitoring and privacy.

"Companies need to make it clear that while they have the ability to monitor personal Internet behavior, they don't collect that information or take any action unless there is a breach of corporate data," says Henderson.


Stories by David Geer
