Spammers turn hungry eyes on socnets

Trust to spammers is like blood to a tick.

If a spammer can get a target to trust them, then they’re 90 percent home in completing their manipulative mission. That’s why spammers have increased their activity on social networks. A member of a socnet is much more likely to trust a message from a “friend” than they would an email with dubious origins.

But frequently socnetters aren’t very careful whom they befriend, as some anti-spam researchers discovered with an experiment aimed at Facebook, which has about five percent of the world’s population in its membership.

The researchers, who presented their findings at the MIT Spam Conference held in Cambridge, Mass. recently, explained how they enticed Facebook members to blithely accept perfect strangers to enter their inner circle of acquaintances on the social network.

The group, led by George Petre, of BitDefender, began their experiment by setting up bogus profiles on Facebook. The profiles fell into three categories. One had very little information about its subject; another had a little info on its fake creator; and the third had detailed data in it.

After setting up the profiles, the researchers used them to join popular groups on the service. A group can be created around almost anything–a TV show, a celebrity, a company, a product and such. Once nested in a group, the boffins started sending out friend requests to its members, hoping the credibility of the group would rub off on those requests.

According to the researchers, Facebook groups are a popular target for spammers. For example, following the earthquake earlier this year in Haiti, a group was formed that claimed Facebook would donate a sum of money to relief efforts for every person that joined the group. Two million members joined the group before Facebook discovered the scam and shut it down. Meanwhile, the group was used to spam the people joining it.

Within 24 hours, the researcher’s scam began to bear fruit. As might be expected, the more information included in the phony profile, the better the response to its request for fellowship. For the skimpy profile, the researchers received 85 acceptances from members; for the moderate profile, 108; and for the detailed one, 111.

Occasionally, members would message the researchers asking for additional information about the fictitious person requesting friendship. Although the researchers ignored those messages, many of those correspondents approved the friendship request anyway.

Social networks typically have messaging systems that allow their members to communicate with each other privately. Facebook has such a system, and it scrutinizes the traffic in it. But, the researchers found, the filters applied to that traffic seemed better suited for identifying phishing attacks than catching spam.

We don’t know how familiar the researchers were with Facebook’s workings, but there’s another kind of profile that would have been interesting to test. It’s one where the maximum security settings are applied to the profile. When a member tries to access that kind of profile, they receive a message saying the creator of the profile only allows friends to see detailed information about them. Such a profile might even be more effective than a detailed profile because it makes the author appear to be security conscious, and it piques the curiosity of the target to find out more about this mystery person who wants to be their friend. Maybe the next bunch of researchers probing Facebook’s vulnerabilities will test that hypothesis.

As the experiment continued, the researchers found that acceptances began to accelerate. They attributed that to the power of mutuality. Once someone accepted a counterfeit profile as a friend, the profile would appear as a mutual friend to all the acquaintances of that someone. If a member receives a friendship request from someone who is friends with someone who is already friends with the member, the researchers discovered that there was a 50 percent chance that the friendship request would be approved.

Once the researchers had a band of followers for their fictive profiles, they posted a link, without any comments, on the walls of the profiles. The link could have led anywhere–to a phishing site, a driveby malware Webpost or any number of dens of maliciousness in cyberspace–but 25 percent of the friends of the profiles followed the link blindly.

If the experiment by these researchers illustrates one thing, it’s that psychology is becoming increasingly important to junco artists, especially those targeting social networks for distribution of spam. Spam and malware companies are actively recruiting people with backgrounds in psychology, University of Akron professor of computer science and chair of the MIT conference Kathy Liszka told Technology Review.