In case you hadn’t noticed, spam and phishing attacks through social networks have been on the rise. Security company Symantec released a report yesterday detailing socially engineered attacks to determine where they are coming from and what techniques malware criminals are using to lure victims into their traps.
One of the most interesting trends that Symantec has noticed is that social spam and phishing have been cyclical, moving from network to network (see above graph). For instance, attacks will focus on Facebook for a period of time before falling off, then focus on Twitter or YouTube before coming back to Facebook. In the cat-and-mouse game that is malware versus security, these trends make sense: as exploits are closed on one network, they are found on another.
Symantec says that 53% of social malware is being launched from botnets in the United States. This is an interesting finding in comparison with the overall amount of spam that is sent worldwide, with only 2.8% of email spam coming out of the U.S., according to Symantec’s Intelligence Report released earlier this week.
The average lifespan of social spam is between 15 and 20 days, according to Symantec. Of that, Facebook sees the lion’s share with 40% of all social network spam, compared with 37% for Twitter and 23% for YouTube. Yet there are differences in how spam is relayed on Facebook versus Twitter. Twitter tends to see large-scale spam attacks that are shut down by the company relatively quickly, while Facebook sees multiple types of spam threads running through the ecosystem on a persistent basis, according to a recent conversation I had with Sophos security analyst and blogger Chester Wisniewski.
Facebook has been active in protecting its users from “clickjacking” schemes, forming partnerships with security companies like Web of Trust to help protect users. According to Symantec’s trends graph, the company’s efforts have been paying off: attacks on Facebook have been in decline since late April.
One of the differences between social spam and email spam is the type of message that social spam uses to lure in victims. The big topics are still prevalent – pharmaceuticals, gambling and adult/sex/dating – but spammers are using different types of link-bait on social networks. According to Symantec, social spam links are often tied to “unread” messages or fake invites. For instance, a message from Twitter saying that you have three unread messages that you cannot see because your message folder is full. From personal experience, Twitter’s DM folder is never “full” (this from a guy who had nearly 800 DMs in June and several thousand this year).
It is up to the user to protect their computer and exercise common sense about what they click on the Internet. If not, your computer or your social network account may be part of the problem, not the solution.