5. How spammers compromise user accounts and how they succeed: - Identification of spam bots
Many social networking site users aim to increase their popularity by adding people they do not know. One of the less technically dangerous security threats emanating from the world of social networking is the traditional attempt to phish for users' login credentials. The attacker sets up a website that is identical to the login page of the targeted social network site and then spams a link to it via email or messages purportedly from the social network itself. The attacker can then abuse the login credentials that they have gained in numerous ways:
• Sell the credentials on the black market
• Gather ...
Spam is usually sent from networks of computers controlled by hackers, called botnets. These are created by specialized hackers and are also rented out to spammers by the hour. The going rate for botnets has been from $300 to $700 per hour. Botnets are frequently used for so-called Denial of Service (DoS) attacks, where hackers demand money to stop bombarding a specific website with requests, making it unavailable to its intended users. In the second half of 2006, an average of 5,213 DoS attacks were recorded per day. The US was the target of most attacks, accounting for 52% of the worldwide total. In 2010, Spain topped the bot ranking with 44.49% of all infected computers, according to net-security.org. Next in the ranking, although a long way behind with 14.41%, comes the United States, followed by Mexico (9.37%) and Brazil (4.81%).
Pinterest, a fast-growing social networking website that works like a virtual scrapbook filled with pictures of outfits, recipes and other things users like, has a creeping problem with spammers who use the site to make money off its advertising potential. The fake accounts are operated by bots to send out spam. Pinterest is a natural e-commerce and marketing platform, as posts can also include links to other websites where items can be purchased. But fake accounts, formatted to crowd out other content and drive links to advertised products, are posing a problem for the site. The scam also takes root by sending a phishing-style Pinterest email claiming that a friend or a popular personality has shared a link. Clicking on the image in the email could compromise user information to the hackers.
One Pinterest spammer said in an interview that he makes $1000 a day out of spamming by creating multiple fake accounts to manipulate the algorithm that tracks a post's popularity. The more users "re-pin" an item, the more prominently it appears on the site, rising to the top of the "Popular" tab. The trick? Each post has an Amazon.com button; if real users notice the posts and click through to buy, the spammer who designed the fake account with the button gets a referral fee from Amazon. Amazon's Affiliate program has been in place for a while, but social media marketing is allowing some people to game the system. [theglobeandmail.com]
6. E-mail spam & Social media spam:
E-mail spam is a form of electronic spam in which identical messages are sent to numerous recipients through email. Clicking on links in these messages might redirect users to phishing websites. The only difference between email and social spam or fraud is that on social media the platform itself can make an attack much more viral. When someone gets a spam message over email, it only affects that person. When spam is posted to a social page, it affects everyone. In any social networking site all messages, including spam, originate from accounts registered at the same site. In contrast, email...