Twitter Spam Scams Increasing in Frequency, Complexity


And so it begins. Social media spam isn’t new. In fact, it’s a little like that summer blockbuster movie that everyone anticipates. The spammers are the movie execs, asking “how can we leverage this idea?” The collective social media sites of Web 2.0 are the movie theaters, the delivery mechanism that expect – nay, count on – a slew of traffic. IT professionals are the marketing guys who have been hyping it for some time (who among us hasn’t warned an IS Manager or CTO that social media was going to result in a truckload of headaches?). And the general public is, well, the general public. The moviegoers. The (computer) users.

Just like that summer blockbuster, when the release date finally hits, scores of people see it and just like spam, most of us walk away asking ourselves: why did we pay ten bucks to see that? (to make my analogy clear, people ask: why did I click that?) In the past few years, social media spam has become an epidemic of…well, epidemic proportions. For the social media giant Facebook, its users, and the IT folks who lose sleep while debating whether to block it from the company WAN, nothing I’ve said here is news; but now, it appears, spam is coming to a Twitter account near you.

Last week, Christopher Boyd of GFI Labs wrote a revealing blog post entitled “The cake is a lie,” recounting a recent surge in Twitter spam (T-Spam? Twam? SPitter? Thoughts, please. Let’s coin a term!) over last week’s release of Valve Software’s new game, Portal 2. Christopher stated that, “a lot of these spambots were directing users to a “Portal 2 Loader” (hat tip to MrTom), which has been downloaded roughly 4,000+ times and appears to be a Portal 2 crack.” Christopher also notes that searches on “Portal 2 Still Alive” are yielding some dubious results, but that at least the search engines are flagging the results as potentially dangerous links. YouTube isn’t any better, with videos offering cracks for the low, low price of completing a survey. Clearly, these are malware-infected sites that should be avoided at all costs, but like Douglas Adams pointed out in The Hitchhiker’s Guide to the Galaxy, a big red button can be awfully tempting, even if it’s just sitting there waiting to be pushed.

Big red buttons come in many different forms (and colors). The Register reports that last Tuesday a rogue app began spreading like wildfire, with a survey scam that might be too tempting not to click. In this one, a ‘tweep’ (I use the sneer quotes intentionally; read on) named ‘Follow Finder 332’ is pushing an app which promises to let users know just who has “unfollowed” them. “In reality,” The Register reports, clicking the link “does nothing but offer up a worthless survey that falsely promises lavish prizes for completing a questionnaire, earning the originators of the scam money in the process from unscrupulous marketing firms.”

The source tweet preys on our most basic weakness: to know who doesn’t like us (who unfollowed us) and why. Here’s why pushing that ‘big red button’ is so dangerous: like many websites today, clicking the link will pop up a dialog box asking for permission to access the Twitter account. I’m sure we’ve all done it at some point. Every so often, I’ll retweet an article that I think my followers will find interesting, but those retweets come from relatively safe sites like Yahoo! News, Reuters, or The Register. Unfortunately, we humans are creatures of habit, and this popup looks like every other popup asking for access to the Twitter account. A big red button that’s just too easy to push.

The source tweet propagates by using trending hash tags on Twitter (in case you were curious, right now #ithurtswhen #becauseoffacebook and #happyeaster are the top 3 trending topics).

Do you see the problem? ‘Traditional’ spam – email spam – spreads because someone somewhere opted in to a distribution list, whether the list was innocent or not. That’s the ‘push approach,’ because the spammer is pushing the information out to the distribution list. The Twitter scam uses the ‘pull approach,’ because the potential target (the Twitter user) is requesting the information (the trending topic) and therefore ‘pulling’ or asking in a sense, for the spam.

In a previous paragraph I refer to the Twitter spammer as a ‘tweep,’ which is in fact what he or she becomes. Following a trending topic means you ‘follow’ everyone commenting on that topic. With the increasing number of Twitter users, spam like this will not only increase, it potentially has the ability to spread like a rampant virus. The implications are catastrophic.

Twitter schemes aren’t new, relatively speaking, but this one carries with it the potential to increase in epidemic proportions. As Christopher Boyd pointed out in his blog, most of the content seen on the Portal 2 spam is nonsensical, but since it draws on Portal 2 relevant content, a Twitter user may not realize what they’re doing when they click the link. True, you can’t really feel sorry for anyone searching for a crack to a program, but if the rise in spam – and the numerous Facebook scams – are any indication of what’s to come, Twitter may be a good choice for a behind the firewall block for those enterprises concerned about the increasing danger of Web 2.0 spam scams.


Leave a Reply