October 31st, 2008

Spammers targeting Bebo, generate thousands of bogus accounts

Posted by Dancho Danchev @ 11:13 am

Categories: Phishing, Social Networking Applications, Spam and Phishing, Web 2.0

Tags: Security, CAPTCHA, Bebo, Social Networking, Dancho Danchev

The concept of building a fraudulent ecosystem solely by abusing legitimate services is nothing new, and as we’ve already seen numerous times throughout the year, malicious attackers are actively embracing it. Bebo, the popular social networking site, is currently under attack from spammers who are automatically registering thousands of bogus accounts advertising fake online pharmacies, with the campaign owners receiving revenue through an affiliate-based program. The automated registration process is made possible by breaking Bebo’s CAPTCHA, in combination with bogus email addresses registered in the very same fashion. This isn’t the first time Bebo has been targeted by spammers, and definitely not the last.

“Interestingly, spammers have found other uses for the valid email addresses created on sites such as MobileMe (mac.com), by linking these addresses to accounts created on social networking sites, such as Bebo. As can be seen below, a search on Google for Cialis, a drug commonly referenced in spam messages, reveals two accounts on Bebo in the top-five results returned.

Consequently, users of social networking sites are receiving more “buddy” requests from fake profiles wishing to connect. This approach works well because traditional anti-spam solutions are unable to differentiate between these requests and genuine ones. The buddy requests appear genuine as they are from the real social networking site and consequently their headers are intact and correct. Moreover, the email addresses attached to the profiles are also valid, albeit they have been created fraudulently. Often, the only visible clues may sometimes be the random arrangement of letters in the user name portion of the email address.”
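The clue named at the end of the quote, a random-looking user name portion of the email address, can be turned into a rough triage signal for signup review. The sketch below is an added example, not code from Bebo or from the quoted report; the thresholds, function names and sample addresses are assumptions chosen for illustration.

```python
from collections import Counter

VOWELS = set("aeiou")

def randomness_score(address):
    """Score 0-3: how many 'random-looking' traits the local part shows."""
    local = address.split("@", 1)[0].lower()
    letters = [c for c in local if c.isalpha()]
    if not letters:
        return 0
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    # Longest run of consecutive consonants ('y' counted as a consonant).
    longest = run = 0
    for c in local:
        run = run + 1 if c.isalpha() and c not in VOWELS else 0
        longest = max(longest, run)
    # Letter<->digit alternations, e.g. "q7w2k9".
    switches = sum(a.isalpha() != b.isalpha()
                   for a, b in zip(local, local[1:])
                   if a.isalnum() and b.isalnum())
    # Assumed thresholds; tune them against real signup data.
    return (vowel_ratio < 0.2) + (longest >= 5) + (switches >= 3)

def suspicious_domains(signups, min_flagged=2):
    """Return {domain: flagged_count} for domains with repeated random-looking signups."""
    flagged = Counter(a.rsplit("@", 1)[1].lower()
                      for a in signups
                      if "@" in a and randomness_score(a) >= 2)
    return {d: n for d, n in flagged.items() if n >= min_flagged}

# Constructed sample signups (not real accounts).
SAMPLE = [
    "xkqzrtwpl@mail.example", "q7w2k9zt4@mail.example",
    "john.smith@mail.example", "maria1985@other.example",
    "bvnmtrwq@other.example",
]

if __name__ == "__main__":
    print(suspicious_domains(SAMPLE))
```

A score like this only ranks accounts for review: real words such as "strengths" also trip the vowel and consonant-run checks, so it should be combined with other signals such as signup rate per email domain.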

Approximately 30,000 bogus profiles have been generated in October alone. Why Bebo in the first place? As always, Bebo isn’t targeted exclusively but alongside other social networking sites and blogging platforms, since from a blackhat search engine optimization perspective, the more popular the abused service, the higher the visibility and the shorter the time it takes search engine crawlers to pick up the bogus content. The potential for abuse here is enormous: once the profiles start acquiring traffic, the spammers could, and will, easily start selling that traffic through a traffic exchange program created exclusively for malicious purposes such as redirecting to live exploit URLs and rogue security software.

Whether through direct CAPTCHA breaking or by outsourcing the process to humans, the techniques that make such spam campaigns across social networking sites possible are only going to get more efficient in 2009.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog.


Talkback (most recent of 5):

Sounds Good to me

Double opt in is the way to go. If Bebo is afraid too many users will be scared by that SMALL extra effort to sign-up, then they do NOT have a useful business model.

It really is that simple....

Posted by: mejohnsn Posted on: 12/12/08