In newspaper circles, when a correction to a story has to be written, a rule of thumb used by many organizations is to omit the original mistake from the correction. That’s not to eschew embarrassment, although it often works out that way, but to avoid printing the incorrect information twice. Bad information, you see, has a way of sticking to little gray cells when it’s the first to arrive in the information marketplace. Repeating it, even in a correction debunking it, tends to add to its stickiness.

That seems to be the case with the recent hullabaloo over the “dislike” button in Facebook.

Members of the vast Facebook social network have the ability to click a button when they “like” a posting they see in their news feeds, but unlike other websites that solicit mob opinion on their content, Facebookers can’t show their displeasure with what they see on the network. That omission has vexed more than a few of the Facebook faithful, including columnist Dan Tynan.

          “Like many people of an inherently cynical nature, the fact Facebook only allows you to express your ‘Like’ on various topics, posts, and advertisements irks me,” he wrote. “I know I’m not alone, and so do Facebook scammers, which is why the latest viral ‘Dislike button’ scam has spread so quickly.”

As many popular scams begin on Facebook, a member sees a message with an enticing pitch. In this instance, it was “I just got the Dislike button, so now I can dislike all of your dumb posts lol!!” or “Get the official DISLIKE button NOW!” Included with the message is a shortened URL, so victims don’t know where they’re going when they click on it.

Clicking on the short URL in the Dislike message displays a screen for installing the Dislike Button. When members attempt to install the feature, they’re asked to give their permission to allow the app to access their basic information, post to their “walls” and access their data at any time, which pretty much opens the door to the chicken coop for the foxy spammers.

Once they have access to your Facebook information, the spammers use the member’s information to promote–under the member’s name–the Dislike Button to all the member’s friends.

Meanwhile, the member still doesn’t have a Dislike Button. Before he or she gets the button, they must fill out a survey, which makes the scammers some cash. After finishing the survey, the member is sent to a website where they can install a browser add-on called Dislike Button. The app began as a Firefox add-on, but now it can be downloaded as a executable file that will work with Chrome, Internet Explorer and Opera. Support for Apple’s Safari browser is in the works.

What got lost in all the hubbub about the scam, though, was the fact that the Dislike Button is a legitimate add-on. Its makers, FaceMod, were being victimized by the scammers as much, if not more, as Facebookers clicking on the URL in the fraudster’s pitch message. Unfortunately, the maker’s message was lost in the digital din that erupted when the scam was revealed by a malware fighting firm.

          “Recently, the Dislike Button has been mentioned in several articles, blogs and tweets, in conjunction with a scam, which silently sends the link to users’ Facebook friends, and requires the user to then take an online survey, which makes money for the scammers,” FaceMod wrote on its website. “Due to the high demand for the Dislike Button,” it continued, “unaffiliated people and/or groups are attempting to monetize FaceMod’s products by re-directing to online surveys. FaceMod does not require a user to fill out a survey, is not affiliated with this Scam and urges users to avoid unofficial posts.”

For the sake of clarity, FaceMod’s add-on only works with other Facebook members who have installed the app in their browsers. In other words, if you click “dislike” and the person who posted the item you disapprove of doesn’t have FaceMod’s software installed in their browser, they won’t see your thumbs down.

Initially, FaceMod sent a message to a person when a user of its app gave the thumb’s down to an item, but it removed that feature–although the company’s website still says it’s there–after receiving complaints from people who received what could be interpreted as spam messages announcing they’d been “disliked.”

Trust to spammers is like blood to a tick.

If a spammer can get a target to trust them, then they’re 90 percent home in completing their manipulative mission. That’s why spammers have increased their activity on social networks. A member of a socnet is much more likely to trust a message from a “friend” than they would an email with dubious origins.

But frequently socnetters aren’t very careful whom they befriend, as some anti-spam researchers discovered with an experiment aimed at Facebook, which has about five percent of the world’s population in its membership.

The researchers, who presented their findings at the MIT Spam Conference held in Cambridge, Mass. recently, explained how they enticed Facebook members to blithely accept perfect strangers to enter their inner circle of acquaintances on the social network.

The group, led by George Petre, of BitDefender, began their experiment by setting up bogus profiles on Facebook. The profiles fell into three categories. One had very little information about its subject; another had a little info on its fake creator; and the third had detailed data in it.

After setting up the profiles, the researchers used them to join popular groups on the service. A group can be created around almost anything–a TV show, a celebrity, a company, a product and such. Once nested in a group, the boffins started sending out friend requests to its members, hoping the credibility of the group would rub off on those requests.

According to the researchers, Facebook groups are a popular target for spammers. For example, following the earthquake earlier this year in Haiti, a group was formed that claimed Facebook would donate a sum of money to relief efforts for every person that joined the group. Two million members joined the group before Facebook discovered the scam and shut it down. Meanwhile, the group was used to spam the people joining it.

Continue reading Spammers turn hungry eyes on socnets»

The end user is the weakest link in the security chain, and as new generations enter the workforce the awareness of security risks decreases.

A study by security researchers has found that only 14% of Generation Y (adults aged 18-24) rate identity theft as their top security risk.

The company says:

The fact that 18-24 year olds have different attitudes towards security and are much more open about putting their personal details online, heightens their vulnerability to theft.

Cyber criminals are focussing a lot of attention on social media sites because they are such a target rich environment, while at the same time they often have the least security measures in place to prevent their users from becoming victims of an attack.

This  month Facebook users were subject to a massive spam run that sent fake password reset messages to millions of users.  The attack is intended to infect the victim’s computer with a Trojan horse to steal passwords, data, and put the computer under the control of a botnet.

These types of blended attacks are also becoming more personalized, using the information about themselves that people make public, as well as more targeted, as seen in the Google hack in which specific individuals were targeted due to their proximity and relationships with the key people who would have access to the data sought by the attackers. Continue reading The Weakest Link is Getting Weaker»

Classmates settled with members for $9.5 million.

Millions of netizens hounded every day by spam from Classmates.com must have felt a measure of vindication last week when the company agreed to settle for an estimated $9.5 million a lawsuit leveled against it by its members.

What prompted the lawsuit filed in federal district court in Seattle was Classmates’ practice of sending emails to registered users telling them one of their schoolmates from the past was looking for them. If you want to see who’s allegedly trying to contact you, though, you needed to upgrade your membership to the “gold” level at $39 a year. (Currently, those memberships are being deeply discounted to $9.95) Problem was, after upgrading their memberships, people were finding no one was looking for them at all.

Under the terms of the settlement of the class action lawsuit initially filed in 2008, everyone who upgraded to a gold account after receiving an email enticing them to do so to see  a classmate who signed their “guestbook” has the choice of receiving $3 in cash or a $2 credit when they renew their membership. It’s estimated that could affect an estimated 3.16 million members.

In addition, all paying and non-paying members who have joined the outfit since Oct. 30, 2004 must be offered a $2 credit should they decide to renew or buy a gold account.

What’s more, Classmates must pick up the legal tab for the members who sued it, which amounts to $1.3 million, and will be restricted, through an injunction, for two years on how it can use the term “guestbook” and must clarify how guestbooks at the site work.

Continue reading Classmates settles spam suit»

British ISPs have reacted strongly to the suggestion of Trend Micro CTO David Rand that the ISPs should actively combat the problem of spam on the internet.

Rand’s suggestion is the blocking of TCP port 25 (the port used for SMTP, or email, communications between servers on the internet), making contact with customers who they suspect may be the source of spam outbreaks, as well as stronger government legislation.

The legislation idea has merit, after all the lack of cooperation between government agencies is how many international spam operations manage to go unpunished.  The blocking of SMTP on the other hand is impractical and costly to implement, both from a technical and a service perspective.

The basis of the idea is this.  Customers send mail using SMTP, therefore by blocking SMTP and requiring that customers send mail via the ISP’s mail servers allows close monitoring of email traffic and detection of spam.

The solution is problematic though because many ISP customers, both home users as well as businesses, have perfectly good reasons to not send their email via their ISPs mail servers.  These customers would need to be unblocked from using SMTP, and hence cannot be closely monitored.

The monitoring itself also presents two problems – firstly customers object to having their email correspondence inspected by other parties including their ISP.  Secondly, any false positives could have disastrous consequences if important emails were blocked.  ISPs do not want the exposure to liability if they block an email that results in monetary loss for the sender or recipient. Continue reading ISPs Don’t Want to be Spam Cops»

Business Week reports that a study by researchers in New York reveals that as many as one in five young, overweight people have been a victim of email spam.

The study revealed some interesting statistics:

• 88% of overweight individuals reported receiving spam pitching weight loss products, compared to 73% of other respondents
• 42% of overweight individuals said they opened the spam, compared to 18% of other respondents
• 18% of overweight individuals said they bought products promoted in the emails, compared to just 5% of other respondents

Firstly why do overweight people receive more weight loss spam?  One theory is that these people are visiting more web sites on that topic than other people, and therefore end up in marketing databases.  This means that the spam is either coming from the website owner, or another party that is given access to the database of email addresses.  This access may be either from selling the list or by using co-registration, which is a legitimate lead-sharing strategy that is often abused by spammers.

For any email marketer a 42% open rate is outstanding.  It means that the subject line for the email was very effective at enticing the recipient to open the email and read more.

For a spammer sending 1,000,000 emails 42% open rates do not mean 420,000 people opened them.  Most of those recipients will never receive the spam due to anti-spam protection on their email server or their computer.  But even a 1% penetration could mean several thousand people open the email.

Finally the conversion rate for overweight people is very good at 18%.  Several hundred conversions of a weight loss product likely to cost $50-$200 is a good day’s pay for the spammer. Continue reading Weight Loss Scams Reveal Why Spam Works»

New Koobface variant exploits holiday spirit.

Malware miscreants have traded their black hats for Santa hats with their latest escapade targeting the 350 million member Facebook community.

Security experts have spotted a new variation of the Koobface worm that gives its prior social engineering techniques a holiday twist to lure Facebook users into its wicked web.

The new variant, Koobface.GK, posts a link to a Christmas video on the message wall of a Facebook user. When a social networker clicks the link, he or she is taken to a bogus video player. Clicking the play button on the spurious application produces no video, but it does download the worm to the clicker’s computer.

The malware then produces a captcha screen that threatens to shutdown the user’s computer if the captcha form isn’t filled out within three minutes. When the captcha form is filled out, the shutdown message appears again. Each time the form is filled in, a new domain is registered where infected files will be hosted. In that way, the worm propagates itself.

If a target decides not to act within three minutes, nothing will happen. However, his or her computer will become unresponsive. According to White Hats, a clean install of Windows isn’t needed to recover control of a computer infected with the worm. Presumably, the problem could be eliminated by pulling the power plug on the machine and rebooting into a state where a virus scan could be conducted on the computer or the box could be restored to a point before it was infected.

Continue reading New Koobface worm duping Facebook users»

Black Hats are finding social networking sites attractive targets for mischief.

As social networks like Facebook, MySpace and Linked-in have gained popularity among Web surfers, they’ve also attracted the attention of the Internet underworld. That’s because the likelihood of infecting a computer with malware distributed through a SocNet is much better than conventional email methods. How much better? Some security experts reported earlier this year that infection success rates were as high as 10 percent for malicious code circulated through a social network. That’s 10 times the infections that could be expected from an email spam campaign.

As Black Hats have turned their attention to SocNets, they’ve begun experimenting with going beyond exploiting the sites for distribution of bad apps and using the webposts for activities such as issuing commands and controlling the operation of botnets.

Just last week, security researchers uncovered a Trojan, dubbed Whitewall, that could use Facebook to coordinate its nefarious deeds. The sinister software is circulated by exploiting known vulnerabilities in Adobe Acrobat and Microsoft Office files. The documents look legit. They may look like communications from courier companies or headlines from news media.

The malware targets the mobile version of Facebook. It receives its marching orders by reading the notes section of that program. If a note contains the title “Wells,” it will contain a timestamp for when a machine is infected. If it’s “WebServer,” the app will execute a URL contained in the note from which it will receive commands. If the title is “White,” the Trojan will follow a URL to a site from which it will download a pernicious payload. If any other words are in the title, the software will do nothing and wait for further instructions.

Continue reading Why social networking spam reaps more rewards than email»

Last month I joined a new discussion forum.  The owner of the forum decided to charge members a monthly access fee of $1.95.  I gladly subscribed because the value of the forum far outweighs the membership cost.

Now several weeks later and with thousands of members joining the forum I realize the biggest benefit of the membership price – there is no spam.

For the average internet user everything they do online is free.  After they have paid for a computer and an internet connection from an ISP most people will not pay another cent for any of the intangible experiences that the internet has to offer.

Thousands of popular websites offer streaming videos, games, instant messaging and social networking without charging a cent for access.  Email is the ultimate free communication medium, costing nothing to acquire and use.  These services all attract spammers.

Free online services face a difficult challenge in preventing spam.  Their users want free access, but also resist overt monetization efforts by the website owner.  And yet without a revenue stream the websites can’t afford to invest heavily in security and support.  Without the money to fund a developer focus on proactive spam prevention, and a support team to handle reactive spam prevention, the spammers have a large window of opportunity to exploit these free services for their own gains.

The fallback monetization strategy for most of these websites is simple advertising.  MySpace added advertising early on.  YouTube is slowly introducing advertising models to support their massive infrastructure costs.

Facebook’s advertising system has an ironic twist – spammers can indirectly exploit the system by using free Facebook apps and games to gain access to users’ profile information, then use that information to personalize advertisements and target them more closely to certain demographics.  These advertisements are often unethical – for example targeting 15 year old girls to sign up their mobile phone (paid for by their parents) to a ringtone subscription service in order to earn more points to use within a popular Facebook game.

The irony is that so much money is made by the advertiser, who in turn pays fees to Facebook, that the spammers are largely responsible for generating the revenue streams that make it more feasible for Facebook to invest more in security and spam prevention.  Would this problem exist if services such as Facebook were not free? Continue reading Would Spam Exist if the Internet Wasn’t Free?»

Facebook announced on Thursday that it has won its lawsuit against notorious spammer Sanford Wallace. A judge in San Jose, CA awarded the site a $711 million judgement, the second largest in history to be awarded under the CAN-SPAM Act.

“While we don’t expect to quickly collect the full amount, we’ll work hard to get everything we can,” Simon Axten, a privacy and public policy associate at Facebook, said in a statement.

The suit was filed in February and accused Wallace and his accomplices Adam Arzoomanian and Scott Shaw of running a spamming and phishing scheme on the site. The trio sent messages to Facebook members that contained links leading to malicious sites that stole their login info. They used that info to spam everyone on the compromised account’s friends list. In addition to the hefty judgement the three spammers face possible prison sentences.

Wallace is no stranger to the legal system. MySpace won a $234 million judgement against him last year and in the last decade he has been sued by AOL, CompuServe, Earthlink and many other ISPs. He usually ignores the suits and refuses to show up in court. Earlier this year he filed for bankruptcy to avoid MySpace’s attempts to collect their judgement.