Spammers create fake Facebook app
Spammers have created a new fake Facebook application, called 'Facebook Social', as the social networking site continues to lead spammers' hit lists.
This is according to the July 2012 Internet Threats Trend Report, conducted by Cyberoam in partnership with Commtouch, which sheds light on some recent and highly hazardous malware and spam trends of the second quarter (May to July 2012).
The report says Facebook has always been on the hit list of spammers, and the same trend was seen this quarter.
It explains that Facebook Social is a confusing invention of pharmacy spammers designed to draw recipients to an online pharmacy. The description of the new service seems to have been lifted more or less from the description of the Reader, which leads users to the spam more convincingly.
In a statement, Cyberoam and Commtouch say that, on registering the application, users receive an e-mail welcoming them to the new service and inviting them to “view profile details”.
The links in the e-mail lead users to compromised Web sites. The same URL folder structure was used in a “Facebook notifications pending” outbreak, suggesting the involvement of the same spammer group in this attack. The probable thought process remains the same - that usage of the Facebook name obviously guarantees a good open rate.
The report adds that, apart from Facebook, yet another social networking service entering the spam lists was MySpace.
MySpace's name was also abused to draw pharmacy clicks, it adds. Scripts hidden in the compromised sites redirect users to the destination “Wikipharmacy” or the more traditional “Toronto Drug Store”.
The report also notes that levels of e-mail-attached malware increased in the second quarter of 2012. “Many attacks from this quarter featured new malware or variants of malware with very low detection rates by most AV engines at the time of the outbreak.
“With only six out of 42 anti-virus engines detecting spam after mass e-mails, it is evident how efficient spammers have become, and how social engineering is being utilised at its optimum to hook users,” says the report.
Compromised Web sites continued to be used extensively this quarter, the investigation also found. An analysis carried out during the second quarter of 2012 revealed which categories of legitimate Web sites were most likely to be hiding phishing pages. Portals (offering free Web site hosting) remained at the highest position among these.
Other highlights from the July 2012 report include details about which categories of Web sites were most likely to be compromised with malware; pornographic sites have disappeared from the top 10 list.