Spam in social networks: Mikko Hypponen and Sean Sullivan on new spam issues


We are pleased to present a relevant discussion of the present-day social networking spam issues from a professional perspective. The experts participating in the talk are the famous ‘malware adventurer’ and F-Secure’s CRO Mikko Hypponen, and Sean Sullivan – Security Advisor at F-Secure.

Mikko Hypponen: Sean, what have you been doing lately?

Fake Facebook profile encouraging clicks on a spam link
Fake Facebook profile encouraging clicks on a spam link

Sean Sullivan: Lately I have been researching social networking spam. It was originally back in April, an article picked my interest from this marketing iStrategyLabs: ‘The New Spam – Fake Facebook Profiles’. And from April to somewhere around late May, I actually discovered a bunch fake Fecebook profiles that had existed for months.

They started out by joining Mafia Wars and FarmVille fan pages, making friends, and then when they reached about 4000 friends, about three months into the profiles’ existence, they started spamming iPhone 4 spam.

Mikko Hypponen: So, we are talking about bots probably.

Sean Sullivan: Bots or actually, I think, from the company that was running that one, which was Zen Net Solutions, they seem to be related to a guy in Perth, Australia. They have jobs on their website for Link Builders and Content Creators. So these 3-month-old profiles were some student probably, investing time in creating this resource, to then activate it at a later date.

So, I found it kind of fascinating that they were probably automating part of this using scripts, but they are serious in time invested in creating something that gathers up 4000 friends.

Mikko Hypponen: What’s the actual goal, what are they trying to do with all this?

Snapshot of CPAlead online marketing company’s website
Snapshot of CPAlead online marketing company’s website

Sean Sullivan: Well, they are linked to the spam; a lot of it is cost-per-action spam. Another big company involved – that is – they seem be the ones paying out the most, so they’re the most popular among the affiliates that wish to abuse affiliate marketing. There are also companies: PeerFly, AdscendMedia was another name that was involved.

There’s a lot of different companies that act as middlemen. So, in the old days adware toolbars were the product, and they had direct affiliates.

And now with social networking spam, what I am seeing is there are affiliate networks acting as the middleman for the product or brands, which allows for IP localization. So here in Helsinki, if you visit one of these sites that offer Shoe Survey spam, you’re going to see localized results, so the surveys will be in Finnish if you in Finland, they will be offers to download the Eyeone toolbar if you are in USA.

Mikko Hypponen: So why is all this spam moving from Email to social networks?

Major social networks exploited by spammers
Major social networks exploited by spammers

Sean Sullivan: Social networks is where people are. So 500 million users in Facebook, though, from all the fake profiles I’ve seen, I am wondering how many – you know, maybe there’s only 400 million people in Facebook. But there are many, many millions of people in Facebook, Twitter – you have close to 9000 followers in Twitter. If a Twitter worm can manage to get you to retweet something, that’s 9000 potential audience members to click on the link.

Mikko Hypponen: I actually do believe quite a few of those 9000 followers are bots, not real people.

Sean Sullivan: Yeah, they want to be auto-followed so that they can promote a product or something.
So, I’ve seen spam through the Twitter network, Facebook network, on YouTube – there are videos that are linked to these survey spams – or own product, Adobe products, any kind of product you can think of. The goal of this, if looked at as the purest model that is legitimate – is to offer content that can be unlocked by filling out the survey. I’ve yet to find the original content.

Mikko Hypponen: You always get something like a link to YouTube video.

Sean Sullivan: …Or link to a Torrent site. So, you know, they say: “Hey, download this software”, and when you go through all the steps – “Here is the link to a Torrent site where you can download the software”, and who knows how credible that is. So it’s, in theory, something that can be used legitimately, but every instance I come across is abuse.

Apple’s ‘Ping’ social network within iTunes
aApple’s ‘Ping’ social network within iTunes

So, Facebook, Twitter, Youtube, Zing, Ping. You know what Ping is – it’s Apple’s new Social Network within iTunes. So the first day that that launched, it flooded with spam, which, you know, Apple should really had been ready for, because this is the new place for spammers to target, because this is where people are and people share links, and you get credibility if my friend is sharing something. You get the credibility if “Oh, Mikko has shared a link, I wanna click on that link”.

Here in Finland, recently, on Monday, there was a localized version, right in Finnish, which worked really well because people really weren’t used to seeing these in the small local language in here. The same attack in English for international audience wouldn’t have worked at all. In Finnish it worked surprisingly well.

Because the numbers of the English language, for the same subject line –”Oh my God, look what this follower did when he caught his daughter on the web cam”, in June it might have gotten from 100K to 300K clicks. And now we are seeing people getting used to this, desensitized to it – now you only get tens of thousands of clicks. So, localized in Finnish – 107K clicks, which is actually pretty well. That’s 2% of the Finnish population.

Mikko Hypponen: Although, that story has a happy ending because the Finnish Consumer Ombudsman contacted the actual operators behind this scam. This was basically a scam to get people to subscribe to SMS services, which you would then pay 19 EUR a month for. And the Finnish Consumer Agency contacted the parties and they actually automatically refunded the money back, so people actually didn’t lose their money in that case.

Sean Sullivan: The biller was the facilitator of the billing process. The vendor who actually was the subscription service, hadn’t replied to the Consumer Ombudsman.

Spam 2.0 – the new generation of spam

Mikko Hypponen: That’s correct. But the company that bills the SMS billing system, which is actually Ericsson from Sweden, they refunded the money back, so great job.

Sean Sullivan: Unfortunately, I don’t know if in other countries like the UK they have the similar consumer protection agencies aggressively going after this kind of scammers. But they should.

Mikko Hypponen: So, Email is no longer where spam is, it’s in social networks. Spam 2.0


Please enter your comment!
Please enter your name here