Malicious Activity on Social Networks continues to Thrive

Malicious Activity on Social Networks continues to Thrive –New study shows targeted attacks disguised as LinkedIn invitations have a twice as high click-through rate New research published this week reveals that one of the most successful methods of hitting a company with a targeted attack is to disguise it as a simple LinkedIn email. This comes as no surprise really, as the network boasts a large number of business users (and we’ve tracked LinkedIn spam targeting business users dating back to 2011 – How a LinkedIn notification could empty your bank account). It also comes as no surprise that the study calls out one of the biggest problems with LinkedIn is the growing number of fake profiles. Our Barracuda Labs team is no stranger to this “fake profiles on social networks” phenomenon, having published numerous studies on the topic over the years: -Twitter Abuse: Trends and Stats: https://barracudalabs.com/wp-content/uploads/2012/06/BarracudaLabs_TwitterAbuse.jpg -Twitter Underground Economy: https://barracudalabs.com/wp-content/uploads/2013/06/InfoGraphic_Twitter.jpg -Fakebook: Fake Profiles vs. Real Accounts: https://barracudalabs.com/wp-content/uploads/2013/06/Facebook_infographic.gif Most recently, and most relevant to LinkedIn, Dr. Jason Ding, research scientist with Barracuda Labs, presented at Black Hat 2013 in Las Vegas. During this talk, he introduced the idea of “Social Klepto” which explores the growing number of fake accounts on LinkedIn and how those accounts can be used for corporate espionage. He also introduced a free tool developed by our Barracuda Labs team that LinkedIn users can use to help control their privacy settings. More on that in just a bit. Ding explained,  “Based on an earlier survey we conducted, Social Networking Security & Privacy (pdf), LinkedIn is the least blocked social network – at 20% – compared to other social sites such as Facebook and Twitter, and LinkedIn has the least amount of users who felt unsafe – at 14% – on the site.” He went on to say, “These numbers tell us that people tend to trust information received from LinkedIn more than other social media platforms. With that in mind, it is not surprising that LinkedIn invitations have higher click-through rates compared...

read more

Q4 2013 Update on Twitter Abuse Trends and Stats

Nov 01, 13 Q4 2013 Update on Twitter Abuse Trends and Stats

Posted by in Research, Social Networking

For the last several years, we’ve monitored security threats and trends on social networks like Facebook and Twitter and published reports. Every few months we present a summary of our latest findings. One of our efforts has been around understanding the presence of fake user accounts on social networks that are often used to spread spam and malware. Lately, fake accounts are not only used for malware distribution but they are also monetized by selling them as followers. Here is our latest infographic  that highlights key stats about the state of fake accounts on Twitter and other attacker trends.   Key statistics The first stat is a measure of the size of the market for fake followers. We measure this as the number of eBay sellers offering Twitter followers for sale. There are currently 52 sellers on eBay selling Twitter followers. This is up from 20 in June 2013. The second stat is the average price per thousand followers. The current price is $11 per thousand followers down from $18 per thousand in June. The third stat that we show here is a measure of how many followers people are buying.  The average that we measured in June was 52,432 followers per person that purchased fake followers. Now the average is 48,885. Latest Attacker Tools and Trends We also look at the recent habits of Twitter abusers. Trend #1: AUTOMATED TWEETS Most fake accounts automatically tweet through Twitter.com instead of using a third party or mobile app. 98% of tweets from fake accounts are sent via twitter.com vs 24% of tweets from real accounts. Trend #2: DUPLICATED PROFILES 63% of Fake Accounts are created by duplicating profiles from real users. We cover this in more detail in this blog post from July. Trend #3: SPAMMING USING TWITTER LISTS Attackers add victims to a Twitter List to get their attention and then the list description advertises a spam URL. We have seen new spam accounts add over 90,000 people to a list within the first few...

read more

Twitter List Spam: Latest Tool in the Spammers’ Bag of Tricks

Sep 18, 13 Twitter List Spam: Latest Tool in the Spammers’ Bag of Tricks

Posted by in Research, Social Networking, Spam

It is just another day at work. Everything is smooth until my very informative colleagues forwarded me a tweet they ran across where a Twitter user was added to a seemingly suspicious list: This quickly aroused our attention, as a new phenomenon happening online. The trick is simple: spammers add your Twitter handle to their lists. This might sound trivial, but there is no limitation on doing so. In this particular case, the spammer uses a shiny title – “Miley Cyrus Sex Tape” – conveniently timed to recent trending news. We decided to investigate a bit further and found some interesting results. The list owner (@MileyCyrusSexT3) has created many lists and added thousands of members to these lists — specifically, 21 lists with 91,383 members. What is interesting, is that this Twitter account itself was created today at 9:27am, only a few hours ago.   The spammer also embedded the spamming message in the description of the Twitter list. For example, in this case, this “Miley Cyrus Sex Tape” list had a bit.ly shorten URL ([hxxp]://bit.ly/MileyCyrusLeakedTape), which points curious readers to a web page that has a video that is covered by a service offer window—requiring visitors to subscribe to a service to unlock the video. Once a user is added in a list by someone, he/she may receive a notification. Hence, many famous Twitter users may be flooded by tons of these adding notifications. There is no way to block such activities, as Twitter allows users to create lists that can include any accounts, without any permissions (i.e., no need to follow them or get them to follow back). Detailed list usage is here. We quickly checked a few other top Twitter accounts and found that there are at least three spamming campaigns going on right now using this technique:  a) Miley Cyrus Sex Tape, b) Amazon Gift Money, c) Paypal Money Hack.  See the following screenshots.   For now, the temporary solution is to manually block any lists owners who might add you to one of...

read more

Twitter Underground Economy Still Going Strong

Jul 01, 13 Twitter Underground Economy Still Going Strong

Posted by in Research, Social Networking

— New trends of fake Twitter profiles and why fake checking websites failed It has been ten months since our first discovery on the Twitter Underground Economy and the fake social account market as a whole. This topic continues to gain momentum, and the financial motivations of this multimillion-dollar business remain clear (as shown in these recent mainstream media articles: Fake Twitter Followers Become Multi-million-Dollar Business and AP Twitter Hacked leading to a brief stock market crash with 100+ billon dollars damage). Since our first analysis and report, we at Barracuda Labs have continued to monitor this activity across multiple social networks. Twitter continues to be the largest offender (or victim) with its underground economy for buying and selling fake social accounts. As part of this experiment, we once again began our investigation by searching on eBay, Fiverr and Google for vendors who sell Twitter followers. Then, we selected several of the vendors with varying price rates for purchasing followers, and spent about $100USD to make a few purchases. After these followers were delivered to our controlled Twitter accounts, we used Twitter API to collect their information and conduct deeper statistical analysis. Because the fake accounts are from multiple data sources, the resulting data characteristics are also different. For this purpose of presenting the results of this study, we selected one dealer who is most representative, sophisticated and interesting, and report the analytic results based on data collected from that dealer. Similar to our previous study, we have organized the results into three groups: (1) Dealers (hackers or vendors who sell Twitter followers), (2) Abusers (Twitter users who bought or had fake followers), and (3) Fake Accounts (created by dealers for selling followings or tweets business). Dealers (hackers or vendors who sell Twitter followers): 52 eBay sellers are found selling Twitter followers; 55 websites are found in the Google top 100 results when searching “buy twitter followers” (and 49 of those websites are new ones); astonishingly, 6400+ Twitter followers services are found on Fiverr.com....

read more

Facebook Timeline Remover: Works, but Malicious –90,000+ Chrome users may get their browser hijacked

Aug 30, 12 Facebook Timeline Remover: Works, but Malicious –90,000+ Chrome users may get their browser hijacked

Posted by in Phishing, Social Networking

By Jason Ding – Research Scientist In the beginning of this year, Facebook started rolling out a more interactive and dynamic UI called “Timeline” to all its users. But, not every user on Facebook was happy about this upgrade. In typical fashion the scammers took notice, promising to remove the Timeline style and revert it back to the traditional view if a user installs some “helpful” apps or browser plugins (normally named “Facebook Timeline Remover” or something similar). Fortunately at the end of May, the security community quickly identified this innovative scam and warned general Facebook users that these fake apps or plugins are malicious and users should not install them. So the problem seemed to be solved. But, is it true? At Barracuda Labs, we constantly monitor the security and threat trends around social networking platforms in order to better protect our 150,000 customers. We revisited this Timeline Remover scam recently and were surprised by how much activity is still out there. First, there are at least 6 Chrome plugins in the Google Chrome Web store, and the total number of users is around 764,000. Details of these Chrome plugins are below. Potential “good” ones: URL https://chrome.google.com/webstore/detail/dnedfaenfnkikficknkklbdedlecmpgc Details Name: TimelineRemoveWebsite: http://www.timelineremove.com/ Permission Access data on *.facebook.com, Read/Modify Bookmarks, Access tabs and browsing activity Stats Aug 24th: 567,271 users, 1.4K Google+, 350 reviewers, 4.31/5 starsAug 27th: 603,615 users; Aug 29th: 612,183 users   URL https://chrome.google.com/webstore/detail/nkcokgbocjdimlmboepiomecihakbinp Details Name: Facebook Timeline Remover & Disabler – RemoveWebsite: http://layouts-skins.com/facebook-layouts/fb-timeline/fb-timeline-remover-disabler-how-to-remove-fb-timeline/ Permission Access data on *.facebook.com, Access tabs and browsing activity Stats Aug 24th: 40,701 users, 61 Google+, 27 reviewers, 3.56/5 startsAug 27th: 40,300 users; Aug 29th: 40,261 users   URL https://chrome.google.com/webstore/detail/aoapcfbfcfdggenjdfmlaienknnbijbj Details Name: Facebook Timeline Remover & Disabler – RemoveWebsite: http://layouts-skins.net/facebook-layouts/fb-timeline/fb-timeline-remover-disabler-how-to-remove-fb-timeline/ Permission Access data on *.facebook.com, Access tabs and browsing activity Stats Aug 24th: 21,612 users, 157 Google+, 42 reviewers, 3.6/5 stars,Aug 27th: 21,376 users; Aug 29th: 21,430 users   Bad ones: URL https://chrome.google.com/webstore/detail/efegkamagjpaioecemiekbhdgehlnaoe Details Name: Disable Timeline on FacebookWebsite: http://www.removeyourtimeline.com/ Permission Access data on all websites, Access tabs...

read more

The Twitter Underground Economy: A Blooming Business

— A study on Dealers, Abusers and fake Twitter Accounts by Jason Ding, Research Scientist Many people dream of becoming popular or famous, and Twitter provides an outlet to make this possible. Most Twitter users try the standard way to get popular and gain followers: constantly tweet funny quotes or comments, discuss breaking events, or disclose information that many people want (like Guy Adams did). However, some Twitter users look for unusual ways to make themselves appear more desirable and become popular faster. One of these ways is buying Twitter followers, which right or wrong, is a significantly growing trend. At Barracuda Labs, we consistently find and study fake profiles on social media platforms (reference our study on Facebook Fake Profiles at http://barracudalabs.com/fbinfographic/) in order to better protect our 150,000 customers from being phished or harmed. For the past 75 days, we have been investigating the business of trading Twitter followers on eBay and other websites searched from Google. As it turns out, this underground economy on Twitter is blooming! The results show that this Twitter business is growing very fast to form a series of underground markets. For quick snapshot, please refer to our most recent infographic, The Underground Economy of Buying Twitter Followers at http://barracudalabs.com/underground/. The Study As part of this study, beginning in May 2012, our team set up three Twitter accounts and purchased between 20,000 and 70,000 Twitter followers for each of them from eBay and another website searched from Google. After collecting these followers’ profiles via Twitter API, as well as additional information from eBay sellers and Google search results, we found many interesting highlights of this business, summarized as follows  into 3 categories. Dealers (those users who create fake accounts and sell followings): There are 20 eBay sellers and 58 websites (within top 100 returns of searching “buy twitter followers” in Google) where people can buy (fake) followers Twitter username is used to purchase, no authentication is required The average price of buying 1000 followers is $18 A...

read more