English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Is digital marketing the new spam?

Vicente Diaz
Kaspersky Lab Expert
Posted April 22, 05:54  GMT
0.2
 

What a week for being in Boston! I was heading to Source Conference the very same day the blast happened. It’s hard to describe all the intense emotions when I arrived. As president Obama said today to the city of Boston: “You will run again”. All my best to you guys, stay strong.

In my presentation in Source I talked about fraud in Twitter. These days we find a lot of spam bots in this social network, both blindly sending unsolicited direct messages to other users or doing some previous semantic analysis, depending on your tweets, for a more targeted message.

These bots are usually easily identified and promptly shut down by Twitter, but they are recreated again just as easily. For a given campaign spamming porn with more than 5000 active bots, they were creating 250 new ones a day. For some campaigns the half-life of the fake profiles is as low as 45 minutes. These bots are obviously against the interest of spammed users, but also against the interest of the social network itself. Interestingly, many companies offer this service as “digital social advertising”. You can see how the same profiles are being rotated on a regular basis, changing the profile description and picture both for avoiding detection and adapting it for the new campaign:

Several bots used this profile picture:

And the same bots one week later:

Many of the bots use a common dictionary for the tweets they send, apart from the spam messages sent. This way they try to disguise themselves as legitimate profiles. However this makes it easier to detect them. And that´s why they are starting to play new tricks to avoid semantic analysis-based detection by using random messages with words usually ignored in any semantic analysis. Here you can see some real examples:

  • if its do you me your my do it my be find is but on are its rt that was
  • I a me at get out your they on rt if I get rt can a
  • u you rt find in I that that your my my find one you so is is my you this but get all a one its it

Some of these campaigns are not only limited to Twitter, but we start seeing how they target several social networks, including Facebook. For instance, the job-deals.com campaign (active since beginning of April) mainly hits Twitter, but you can see how the Upstrean and Downstream sites according to Alexa also reflect Facebook users being hit:

These bots are not just a nuisance for users, they may represent a real threat when used to send more than just spam. What´s even more worrisome, many times they are used along with hacked accounts, effectively increasing the chances of the tweet to be clicked by the receivers as they believe it comes from friend. We can see how a recent campaign used this technique to hijack accounts with the incredibly original message “LOL, funny pic of you” followed by the link to the malicious landing site:

Several domains were used for this campaign, and again we see how some of them were likely spread in other social networks too:

There is much more fraud around in social networks, such as Twitter being used for spreading malware, for communicating with malware or for hacktivists’ interests as recently happened with Venezuela´s election:

There is much more to cover, but probably that´s enough for a blog post. However if you are interested in the topic, and in how you can use machine learning for detecting these malicious profiles, you can check my presentation here:

Follow me on Twitter

2 comments

Oldest first
Threaded view
 

mark117

2013 Apr 23, 09:31
0
 

Ref: Is digital marketing the new spam?

Hi Vicente Diaz

Cheers for helpful article,

My Thought's and my family's thoughts also go out to the people of Boston on that sad and tragic day.

I tend to agree that didgital marketing is fast becoming the new spam
i also read the article here at Securelist about the profile hacking incidents on facebook,

It just goes to show that even if they are a legal company/firm and they want to start targeting you with there bots/spam/advertising then there is not really that much you can do to stop them other than to use common sense,
Same with the bots, if they are a determined and persistent lot who created them and they are willing to keep making up dodgy profiles so they can spam people, It is going to be an hard fight ahead determining between spam/bots/advertisers/friends
thats why i swear by some of the plugins below.
They seem to reduce about 99.9% of crap online, you can never be truly 100% crap free, even in a perfect society..

My few tips are,

1: If you are on facebook or any social networking sites, "ONLY" let "YOUR" "real" friends be able to read posts and post or comment on your profile,
if a friend sends you a message or suspect e-mail,
Then go ask them if it was them that sent it,
It might take you a couple of extra minutes,
but isnt it better to be safe than to be sorry when you are infected.

2: I personally use Mozilla Firefox, i use the ad-block extensions/plugins along with my Kaspersky PURE 3.0 plugins, along with the better privacy plugin, and the keyscrambler plugin, I am using Mozilla Firefox 17.0.5-ESR, as i wanted the full functionallity of the Kaspersky plugins to NOT be compromised.

3: dont respond straight away to any e-mail/messages you may get,
and also just because you know your friends,
It doesnt mean that say they have not got there profiles open for the joe public to read/post/comment and to see who is on there friends list

I havent seemed to have no problems by sticking to a few of the #Golden Rules# and in the long run it "IS" going to save you one hell of a headache..

Right im off for now to go read about the machine learning you mentioned at the bottom of your article.

Thank You
mark117

Reply    

serbio18

2013 Apr 24, 13:52
1
 

Hi Vicente,

I m an student at an University at Computer and Information Sciences undergrad in New Zealand and active follower of tweeter news from cyber security. While reading this post I realized of something incredible..that you used Weka for your research which is the same software I m using for my AI course currently(I used it in other information sciences related papers last year thought).
I m a bit impressed because I thought it was mostly an educational software only and I 'd never thought it was going to be use outside from NZ borders, less for researching ,Well, I was wrong..just wondering how did come across with this software and why did you are you using it? is it use at the corporate level or it was just your personal choice?...I always thought that in big companies such as this one they generally use proprietary software so I was a bit worried that after graduating I will have to re-learn many things and tools which are used for 'real-life' work...btw I really want to join a company like this in the future..any advise that you could give me(us undergrads around the world) would be very appreciated please..thanks very much!Gracias!

Reply    
If you would like to comment on this article you must first
login


Bookmark and Share
Share