Hackers Attack Bebo, Creating Several Fake Accounts
Websense Security Labs said that Bebo, the famous social networking site, has been under attack from hackers who register numerous fake accounts advertising fake online pharmacies, with the owners of the campaign earning revenue through an affiliate-based program.
Security experts at Websense said that the registration process is automated by cracking Bebo's CAPTCHA, in combination with fake mail accounts registered in a similar manner. The report further says that cracking CAPTCHA, or outsourcing the process to humans, to make such spam possible on social networking websites is going to be more efficient in 2009.
Hackers have also made the most of authentic e-mail addresses created on well-known, reputable free mail sites by linking them to accounts created on social networking sites like Bebo. Trend Micro reveals that a Google search for Cialis, a drug frequently referred to in spam mails, shows two Bebo accounts in the top five results returned.
Security experts said that around 30,000 fake profiles were created in October 2008. Naturally, Bebo is not the only service that has been targeted. Across social networking sites and blogging platforms, the more famous the abused service, the greater the visibility and the shorter the time before search engine crawlers pick up the fake material.
The potential for exploitation is also huge. Once the profiles start receiving traffic, the hackers will start selling that traffic through a traffic exchange program made only for harmful purposes, such as redirecting to live exploit URLs and rogue security programs.
As a result, users of social networking sites are receiving numerous 'Add Friend' requests from fraudulent profiles. This method proves successful because traditional anti-spam programs cannot distinguish between such requests and genuine ones. The Add Friend requests appear genuine because they come from an authentic social networking site, and their headers are correct and intact.
The experts claim that it is really tough to differentiate between an authentic mail and a spam mail. The only apparent hint is the sequence of letters in the user name part of the mail address.
» SPAMfighter News - 15-11-2008