According to a new alert from MessageLabs, the Donbot botnet has started pushing Spam that uses the popular micro-blogging service Twitter as a tie-in. Within 24-hours, what started out as a small run is now a Spam campaign that accounts for 4-percent of global Spam.
Donbot botnet pushing Twitter-based Spam. (IMG:J.Anderson)
The Donbot Spam run is of the “get rich quick” or “make money part-time from home” variety, the kind where you can pay a small fee for a trial program, and then just sit back and watch as the millions come rolling in.
These types of scams, or “business opportunities” as they are sometimes called, will look good to some who are out of a job. Sadly, even when people know it is likely too good to be true, they will risk paying the small fee, or entering personal information into a form, just for a chance to get out of financial hot water. MessageLabs says that the links in the “get rich” emails are all pointing to Twitter in an attempt to use the trust of the micro-blogging service and domain to bypass Spam filters. The exact number of emails actually making it past filter systems is unknown. Based on tracking, the crews behind the Spam run are playing a numbers game. On November 18, the number of emails with a Twitter link and images or messages related to business opportunities reached 4-percent of global Spam traffic.
“Firstly, the body of the e-mail is simply an image (of a fake newspaper article), to try and get past text-based signatures,” said Paul Wood, MessageLabs Intelligence Senior Analyst.
“Second, the image itself is a link to a Twitter account, an attempt to get past link signatures as Twitter is a legitimate site that couldn’t be stopped without stopping a huge amount of perfectly innocent e-mails as well…A large number of Twitter accounts are used and they seem to be a mixture of hijacked accounts (quite old, and have genuine looking updates) and false accounts set up purely for the purpose of spamming (not very old, only contain spam-like links).”
In addition, this scam has been seen on Facebook as well. On Facebook, the scammers will use hijacked or rogue profiles to post updates using the exact same Twitter links. Again, the idea is to exploit the trust in Twitter itself, on both a personal level and technical level.
The bottom line from Symantec’s MessageLabs - don’t you believe it. The holiday is fast approaching, and anyone looking for work or wanting to make a little extra scratch will be tempted to send in some information or pay a small fee. It isn’t worth it.
Interested in a more interactive TTH? Join our Facebook Group Want regular updates from The Tech Herald? Follow us on Twitter
Advertising
Comment on this Story