Spamming Social Networks

June 30, 2011

The security software company Symantec, publishers of Norton Anti-Virus and many other products, has posted an interesting report on its official blog about the recent growth in spam focused on social networks.  The firm monitored and analyzed social network spam for three popular sites — Facebook, Twitter, and YouTube — from April 1  through June 15 of 2011.

During this period, Facebook-related spam made up 40% of the total sample, Twitter-related spam made up 37%, and spam related to YouTube made up 23%.   The mix of attacks, however, varied through time.  There was a distinct pattern of a sharp increase in attacks on a particular site,sustained for perhaps 15-20 days, then a decline, and a switch of attack target to another site.   The spammers may launch an attack on, say, Facebook users, and work it hard for a short time, then switch to a different target, say Twitter,  when word spreads about the Facebook attack.

The spam tends to follow a pattern that will be very familiar toanyone who has worked in this area.

Social network spam uses legitimate email notification templates from the social networking sites. The message alleges that the user has some unread messages or pending invites and a fake link is provided. The bogus link will direct users to a website that forces the download of malicious binaries, purports to be selling cheap enhancement drugs and replica products, pushes fake gambling casino sites, or advertises online adult dating sites

The principal country of origin is the US; many of the messages appear to come from compromised machines  used in “botnets”; some also comes from apparently compromised individual accounts.  Many of the spam E-mails  purport to be notifications of pending notifications or messages on the social networking site.

Needless to say, the immense growth and popularity of these networks makes them attractive to spammers.

%d bloggers like this: