The Emergence of “Spam 2.0”

March 31st, 2008 | by jessestay


My recent blog post on the possible “Facebook Worm” seems to be having an effect in security circles. Within 24 hours I got this e-mail from Zango making sure their name was not associated with it:

Hello Jesse,

I am writing to you about the above entitled post. I first want to clarify that we (Zango) had no involvement with the “Secret Crush” Facebook widget. Matt Hines of InfoWorld clarified that in a blog post in January. You should take a look at: http://weblog.infoworld.com/zeroday/archives/2008/01/zango_strikes_b.html.

Mr. Hines’ blog post was spurred by our thorough investigation, which began with a blog post (http://blog.zango.com/PermaLink,guid,94c0e12c-c69e-484f-81b8-b8b58953d71b.aspx) and ended with another post (http://blog.zango.com/PermaLink,guid,b148693d-dbb7-48b9-a102-af336768a424.aspx) and press release (http://www.easyir.com/easyir/prssrel.do?easyirid=83181A68A6B07C97&version=live&prid=345840&releasejsp=release_21).

So to answer your question: Since Zango was not involved, we are not associated in any way with Secret Crush. Now, could Secret Crush be doing dubious things? Very possible. Have you contacted Facebook to let them know? If not, I will do just that, as we’ve had some contact with them.

I hope that you’ll revise your post in some way and, as always, am available to discuss further, etc.

Thanks,

SJS

Steve Stratz

Director of Public Relations

Zango

The following day, I received an e-mail from the security company Fortinet, asking if they could publish a security advisory on the threat. They mentioned they didn’t think it was necessarily a “worm”, per se, but rather what they call “Spam 2.0”. This raises the question: are we in a new age of spam? Instead of hijacking a person’s e-mail account and sending out spam messages over SMTP, spammers are now hijacking your Facebook and other social accounts and posting their links and messages on your walls and statuses.

The question now becomes: is it still related to the Secret Crush application? I find it hard to believe, with the problems they had in the past, and with them posting “totally hooked on the crush calculator” within the user’s status message, that they wouldn’t have some involvement, but then again, the spammer could just be using a hijacked application at the same time they are using the hijacked user’s account. As Fortinet mentions, this has been happening on MySpace for quite some time now - it is only recently that we’re starting to see the same on Facebook.

The advantage these social networks have over traditional e-mail in combating spam is that a spammer needs your password to hijack your account. If you keep a good alpha-numeric, non-dictionary-based password, spammers can’t exist! You can read more from the Fortinet article here:

http://www.fortiguardcenter.com/advisory/FGA-2008-08.html

Also, PC Magazine’s blog wrote on it recently:

http://blogs.pcmag.com/securitywatch/2008/03/facebook_worm.php
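
The pattern this post describes, a hijacked account pushing the same link-bearing message onto many friends' walls in a short burst, is something a platform or moderation tool can look for. The following is an added example, not code from this post, Fortinet or Facebook; the record layout, account names, thresholds and sample posts are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

URL_RE = re.compile(r"https?://\S+|www\.\S+", re.IGNORECASE)

def fingerprint(text):
    """Normalise a post so near-identical copies collide: lowercase,
    mask every URL (spam links often vary per recipient), drop punctuation."""
    text = URL_RE.sub(" <url> ", text.lower())
    text = re.sub(r"[^a-z0-9<> ]+", " ", text)
    return " ".join(text.split())

def find_fanout_bursts(posts, min_walls=3, window=timedelta(minutes=10)):
    """Map each sender to the walls hit when it put the same link-bearing
    message on at least min_walls distinct walls inside one time window."""
    groups = defaultdict(list)
    for ts, sender, wall, text in posts:
        if URL_RE.search(text):  # only messages carrying a link
            groups[(sender, fingerprint(text))].append((ts, wall))
    flagged = {}
    for (sender, _), hits in groups.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the start forward until the span fits inside the window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            walls = {wall for _, wall in hits[start:end + 1]}
            if len(walls) >= min_walls and len(walls) > len(flagged.get(sender, [])):
                flagged[sender] = sorted(walls)
    return flagged

# Constructed sample wall posts: (timestamp, sender, wall owner, text).
T0 = datetime(2008, 4, 17, 9, 0)
SAMPLE_POSTS = [
    (T0, "acct_hijacked", "wall_1", "You have to see this! http://example.invalid/a"),
    (T0 + timedelta(minutes=1), "acct_hijacked", "wall_2", "you have to see this http://example.invalid/b"),
    (T0 + timedelta(minutes=2), "acct_hijacked", "wall_3", "You have to SEE this!! http://example.invalid/c"),
    (T0 + timedelta(minutes=3), "acct_normal", "wall_1", "Photos from the weekend: http://example.invalid/photos"),
    (T0 + timedelta(minutes=4), "acct_normal", "wall_3", "Happy birthday!"),
    (T0 + timedelta(hours=5), "acct_normal", "wall_2", "Photos from the weekend: http://example.invalid/photos"),
]

if __name__ == "__main__":
    for sender, walls in find_fanout_bursts(SAMPLE_POSTS).items():
        print(f"possible hijacked account {sender}: same message on {walls}")
```

A flagged account is a candidate for a forced password reset and a notice to its owner, since the owner usually learns of the posts only from friends.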

  1. 5 Responses to “The Emergence of “Spam 2.0””

  2. By Donnacha on Apr 17, 2008

    I just ‘received’ this spam to my FB Wall:
    >>
    remember i told you about those pills that mike and his brother have been taking that made their pricks larger then life? well i finally got more info on whats been happening. mike have been taking the pills now for 6 months from (url removed) and his brother about 3 months now. yesterday i found out that you know who has been taking them for the longest time now too, that blew me away. so the secret is out, these enlarge pills really work and more people then i realized are taking them daily. i am thinking of getting some for a certain someone today, they guarentee them 100 percent that they will work or every cent you paid back to you. (url removed)
    <<

    Since the ‘sender’ is the young daughter of a friend I am embarrassed at the idea of even letting her know. What on earth can be done about these money-grubbing slime-balls polluting the net? Is there no end to what modern greed will lend itself to?

    I only wish I had the ability to organize an email bomb of the site. It occurs to me that hackers would certainly get praise from the public if they set out to put such people out of business instead of preying on helpless users. Where are you Robin Hood hackers?

  3. By Gail on Apr 18, 2008

    I received the same spam on my Facebook wall. I was quite embarrassed, as I don’t even use my wall. I was told by a friend that I inadvertently sent the same despicable message to all my Facebook friends. How do I prevent this from ever happening again?

  4. By Jesse Stay on Apr 19, 2008

    Gail,

    I suggest contacting Facebook - it is most likely someone got your password and is using your account. They need to know about these so they can better prevent this. I also suggest changing your password to something non-dictionary based, with numbers and even non-alpha-numeric numbers that would be hard to hack. Good luck!

  5. By Facebook Notes on Jul 19, 2008

    Is there a way to see what IP address someone has been using to log in to your Facebook account?

    It would be great to see a notice like in PayPal - last logged in at: from IP address:

  6. By Jesse Stay on Jul 21, 2008

    Facebook Notes, there isn’t a way that I’m aware of at the moment. If someone has broken into your account you can always report it to Facebook though.
