Analysis of Facebook attacks
Commtouch published a comprehensive analysis of scores of malicious Facebook activities during the past year.
Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions. Visitors to these sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.
Users are induced to click on the scams through social engineering tactics such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: “You have to see this!”
After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly over half the analyzed scams, with those falling into three main categories: likejacking, rogue applications, and malware or “self-XSS,” each of which is described in the report.
In 48% of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on “like” or “share” buttons.
“Facebook scammers are out to make money, and affiliate marketing is a rich source,” said Amir Lev, Commtouch’s CTO. “The same social engineering techniques that malware distributors and spammers have been using for years to induce people to open their unwanted mail or click on malicious links are being leveraged within Facebook and other popular social networks for ill-gotten gains.”
Besides Facebook threats, the report discusses Web threats, phishing, malware, and spam throughout the year. The content of the report is based on data from Commtouch’s GlobalView Network, which tracks and analyzes billions of Internet transactions daily.
The trend report describes the explosion of email-borne malware in the third quarter of 2011 to the highest levels observed in over two years, followed by its subsequent drop to earlier low levels during the fourth quarter.
While emails with attached malware subsided to a mere trickle, email messages with malware links hosted on compromised Web sites increased significantly, using themes like pizza delivery notifications and airline itineraries to trick recipients into clicking on the malicious links.