Spammers targeting Bebo, generate thousands of bogus accounts

Summary: The concept of building a fraudulent ecosystem by abusing only legitimate services is nothing new, and as we've already seen numerous times throughout the year, malicious attackers are actively embracing it. Bebo, the popular social networking site, is currently under attack from spammers who are automatically registering thousands of bogus accounts advertising fake online pharmacies, with the campaign owners receiving revenue through an affiliate-based program.

[Image: Bebo CAPTCHA spam]

The concept of building a fraudulent ecosystem by abusing only legitimate services is nothing new, and as we've already seen numerous times throughout the year, malicious attackers are actively embracing it. Bebo, the popular social networking site, is currently under attack from spammers who are automatically registering thousands of bogus accounts advertising fake online pharmacies, with the campaign owners receiving revenue through an affiliate-based program. The automated registration process is made possible by breaking Bebo's CAPTCHA, combined with bogus email accounts registered in the very same fashion. This isn't the first time Bebo has been targeted by spammers, and it definitely won't be the last.

"Interestingly, spammers have found other uses for the valid email addresses created on sites such as MobileMe (mac.com), by linking these addresses to accounts created on social networking sites, such as Bebo. As can be seen below, a search on Google for Cialis, a drug commonly referenced in spam messages, reveals two accounts on Bebo in the top-five results returned.

Consequently, users of social networking sites are receiving more “buddy” requests from fake profiles wishing to connect. This approach works well because traditional anti-spam solutions are unable to differentiate between these requests and genuine ones. The buddy requests appear genuine as they are from the real social networking site and consequently their headers are intact and correct. Moreover, the email addresses attached to the profiles are also valid, albeit they have been created fraudulently. Often, the only visible clues may sometimes be the random arrangement of letters in the user name portion of the email address."

[Image: Bebo CAPTCHA spam]

Approximately 30,000 bogus profiles have been generated for October alone. Why Bebo in the first place? As always, Bebo isn't targeted exclusively but alongside other social networking sites and blogging platforms, since from a blackhat search engine optimization perspective, the more popular the abused service, the higher the visibility and the shorter the timeframe for search engine crawlers to pick up the bogus content. The potential for abuse here is enormous: once the profiles start acquiring traffic, the spammers could and will easily start selling that traffic through a traffic exchange program created exclusively for malicious purposes, such as redirecting to live exploit URLs and rogue security software.
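The clue quoted above (a random arrangement of letters in the user name) and the volume described here give a site operator two signals it can score over its own sign-up log: machine-looking local parts and bursts of registrations from one source. The following is an added example, not code from the article or from Bebo; the log lines are constructed and the thresholds are assumptions a deployment would tune:

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-up log (timestamp, source IP, e-mail); not data from the article.
SIGNUPS = [
    ("2008-10-12 09:00:01", "203.0.113.7", "xkqzrtvb@mac.com"),
    ("2008-10-12 09:00:04", "203.0.113.7", "pqwmzlkr@mac.com"),
    ("2008-10-12 09:00:09", "203.0.113.7", "vbnxjqtl@mac.com"),
    ("2008-10-12 09:00:12", "203.0.113.7", "zrtkplwq@mac.com"),
    ("2008-10-12 10:15:30", "198.51.100.4", "sarah.jones@example.com"),
    ("2008-10-12 11:42:10", "198.51.100.9", "mike_taylor82@example.net"),
]

def randomness_score(local_part):
    """Heuristic in [0, 1]: higher means the user name looks machine-generated."""
    letters = re.sub(r"[^a-z]", "", local_part.lower())
    if len(letters) < 4:
        return 0.0  # too short to judge
    vowel_ratio = sum(c in "aeiouy" for c in letters) / len(letters)
    longest_consonant_run = max(len(r) for r in re.findall(r"[^aeiouy]+", letters) or [""])
    distinct_ratio = len(set(letters)) / len(letters)
    score = 0.0
    if vowel_ratio < 0.2:            # real names and words need vowels
        score += 0.5
    if longest_consonant_run >= 5:   # English rarely strings five consonants together
        score += 0.3
    if distinct_ratio > 0.9:         # random strings repeat letters less than words do
        score += 0.2
    return min(score, 1.0)

def burst_sources(signups, window=timedelta(minutes=5), threshold=3):
    """Source IPs that registered >= threshold accounts inside any `window`."""
    by_ip = defaultdict(list)
    for ts, ip, _ in signups:
        by_ip[ip].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    flagged = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(ip)
                break
    return flagged

def suspicious_signups(signups, min_score=0.5):
    """E-mails that combine both signals: random-looking name and bursty source."""
    bursty = burst_sources(signups)
    return [email for _, ip, email in signups
            if ip in bursty and randomness_score(email.split("@")[0]) >= min_score]
```

Requiring both signals keeps a single odd-looking but legitimate user name, or one busy NAT gateway, from being flagged on its own.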

Direct CAPTCHA breaking, or outsourcing the process to humans, in order to make such spam campaigns across social networking sites possible is only going to get more efficient in 2009.

Topics: Social Enterprise, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

6 comments
  • Your site gets overwhelmed then it's gone

    I smell Google here.
    BALTHOR
  • The imaginary economy of the Internet

    I thought that a lot of trash had been cleared away from the dot.com bust years earlier, but it seems that there is still a lot left over.

    The internet still has a lot of "imaginary accounting" going on, where people count clicks, trade traffic, share revenue from link-farming, you name it. It's kind of like Wall Street in a way; you ask the people involved "Where does the cash come from?" and you get funny looks and pained expressions. Does it come from selling a real product? Probably not. Does it come from a scam or fraud? Sometimes. Does it come from naive marketers who are paying for SEO services or ad campaigns, and are getting illicit operations instead? Sometimes.

    I don't know what the answer is, but I think that far too much "legitimate" money from "legitimate" sellers is getting diverted to criminal activities. Until their marketing funds are more carefully used and kept away from scam tactics like SEO manipulations, we are still going to have these problems.
    terry flores
  • RE: Spammers targeting Bebo, generate thousands of bogus accounts

    Very interesting!
    TheBrainchildGroup
  • May need to rethink automatic sign ups

    If this problem continues to grow (and I don't see any reason why it won't) companies may need to rethink automatic sign ups. They may have to do it the old fashioned way using the double opt-in system. A person applies for an account and fills in the form. An email is generated first to verify the email address and gives a unique link that needs to be clicked to complete the sign up. If anything, this will slow down the process and hopefully, since time = money, the miscreants will go somewhere else.

    Sure it will "inconvenience" the people who want instant gratification but maybe an explanation about why this is necessary will suffice.
    mystic100
    • Sounds Good to me

      Double opt in is the way to go. If Bebo is afraid too many users will be scared by that SMALL extra effort to sign-up, then they do NOT have a useful business model.

      It really is that simple.
      mejohnsn
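The double opt-in flow mystic100 describes above, as an added example that is not part of the thread or of Bebo's own code: the confirmation link carries an HMAC-signed token that expires and can be used once, so a replayed or tampered link cannot activate an account. The server key, the in-memory pending store and the confirm URL are assumptions.

```python
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server secret and store; a real deployment loads the key from a
# secret store and keeps pending sign-ups in a database table.
SERVER_KEY = b"constructed-example-key"
TOKEN_TTL = 24 * 3600          # seconds a confirmation link stays valid
PENDING = {}                   # nonce -> {"email", "expires", "used"}

def _sign(email, nonce, expires):
    msg = f"{email}|{nonce}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def start_signup(email, now=None):
    """Step 1: store the request; return the link the confirmation e-mail carries."""
    now = int(time.time() if now is None else now)
    nonce = secrets.token_urlsafe(16)
    expires = now + TOKEN_TTL
    PENDING[nonce] = {"email": email, "expires": expires, "used": False}
    query = urlencode({"e": email, "n": nonce, "x": expires,
                       "s": _sign(email, nonce, expires)})
    return "https://example.invalid/confirm?" + query

def parse_link(url):
    """Split a confirmation link back into its query parameters."""
    q = parse_qs(urlparse(url).query)
    return {k: v[0] for k, v in q.items()}

def confirm_signup(email, nonce, expires, sig, now=None):
    """Step 2: activate only if the link is genuine, unexpired and unused."""
    now = int(time.time() if now is None else now)
    expires = int(expires)
    record = PENDING.get(nonce)
    if record is None or record["used"]:
        return False                     # unknown nonce, or link replayed
    if record["email"] != email or record["expires"] != expires:
        return False                     # parameters differ from what we issued
    if not hmac.compare_digest(sig, _sign(email, nonce, expires)):
        return False                     # forged or tampered signature
    if now > expires:
        return False                     # stale link
    record["used"] = True                # single use
    return True
```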
  • RE: Spammers targeting Bebo, generate thousands of bogus accounts

    Great!!! Thanks for sharing this information with us!
    birumut