CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 5th, 2008

Facebook And Myspace Are Being Link Spammed

Spammers have found a fertile new marketplace on social networking sites such as Facebook and MySpace. Fortinet, a security research group, warns about hijacked Facebook accounts posting deceptive messages on the Wall.
Like most social networking sites, Facebook has a “Wall” feature, allowing users to post comments on friends’ profiles. This is currently being exploited by spammers to post deceptive messages, linking to typical spam sites such as (but perhaps not limited to) online “pharmacy” shops.

Spammers are using genuine users’ profiles to disseminate these messages and are buying or ‘renting’ these identities from online thieves. The account of a user who was verified not to be a spammer was hijacked by identity thieves. The hijacking involves phishing attacks: deceptive messages that attempt to trick users into handing over their login credentials to hackers. A phishing worm was spotted spreading on Facebook earlier this year and both incidents may be related.

The Fortinet Global Security Research Team advises social networking site users to be wary of phishing attempts: when confronted by a login page or upon clicking a link contained in a friend’s message, carefully check the login page URL. Legitimate login pages are hosted on the original social site domain (here, Facebook.com), while rogue login pages cannot be. Mental tricks may sometimes be used to trap users (for example, Facebook.com.xiefbnh.cn, Facebook-login.com, Facebopk.com, etc.), as is frequently the case in phishing schemes.
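The URL check described above can be automated on the defender's side, for instance in a mail or wall-post link filter. The following is an added example, not code from Fortinet or from this site; the function names and the category labels are assumptions made for illustration, and the three lookalike hosts are the ones quoted in the article.

```python
from urllib.parse import urlsplit

LEGIT = "facebook.com"  # the domain the article names as legitimate


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss spellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_login_url(url: str, legit: str = LEGIT) -> str:
    """Return 'legitimate' or the reason the host is not the real site."""
    if "//" not in url:          # accept bare hosts such as "Facebopk.com"
        url = "//" + url
    # urlsplit lowercases the hostname and strips port and userinfo.
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    brand = legit.split(".")[0]
    labels = host.split(".")
    # The real domain appears, but only as a prefix of another domain.
    if ("." + legit + ".") in ("." + host):
        return "lookalike: real domain used as subdomain prefix"
    # The brand name is embedded in a different registered name.
    if any(brand in label for label in labels):
        return "lookalike: brand name inside another domain"
    # A label is within two edits of the brand (typo domain).
    if any(0 < edit_distance(label, brand) <= 2 for label in labels):
        return "lookalike: misspelled brand"
    return "unrelated host"


if __name__ == "__main__":
    # Hosts quoted in the article, plus one genuine login URL for contrast.
    for u in ("https://www.facebook.com/login.php", "Facebook.com.xiefbnh.cn",
              "Facebook-login.com", "Facebopk.com"):
        print(f"{u:40} {classify_login_url(u)}")
```

Only an exact match or a true subdomain of the legitimate domain passes; everything else is rejected, and the lookalike categories exist only to explain why.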

Please note that although this has been rarely seen on Facebook so far, it is fairly common on MySpace. One of the spammed links has been confirmed to resolve to a web host that also serves content for several pill pushing sites, involved in a criminal fraud ring. Included in this ring are pharmacies from Canada.

Spambots on MySpace have recently begun using more sophisticated techniques, net security firm Websense reports. Malformed profiles are created in such a way that they hide all of the real MySpace profile areas. Surfers clicking on these expecting to view pictures or messages are instead met with content from spammed sites or worse.

This technique can easily be adapted for malicious purposes, such as drive-by installers, MySpace phishing, and so on. MySpace has a built-in security feature to catch form submissions to other sites. However, it seems to be reliant on a ‘Submit’ button being present to trigger the form. Having the warning there is a good, proactive security measure, but if the warning is bypassed, then it does no good.

Beyond that, wall posts containing links must be handled with care. While hijacked accounts have not been proved to be utilized for anything beyond posting relatively innocuous spam, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point. Following links contained in wall posts is therefore not recommended.


    One Response to “Facebook And Myspace Are Being Link Spammed”

    1. Crazy, my friend showed me on his cell phone tonight as he was spammed.

