A study that involved downloading more than three million Facebook profiles has provided the largest-ever snapshot of the methods used by spammers on the world’s biggest online social network.
The study, led by researchers at Northwestern University, turned up hundreds of thousands of spam messages, most of which were sent by compromised user accounts in coordinated campaigns similar to those carried out by e-mail spammers.
“For normal users, it mostly remains a myth,” says Yan Chen of Northwestern, whose team led the study, “but spam has been a big problem to Facebook.”
Reports of user credentials being sold online also motivated the researchers, says Ben Zhao at University of California, Santa Barbara, who, with a colleague, also contributed to the study, which will be presented at the Internet Measurement Conference in Melbourne, Australia, next month.
Zhao’s group had previously collected a dataset of around 11 million Facebook profiles by exploiting the now-discontinued Facebook feature that caused people belonging to regional “networks” to share their profile information with other users by default. Three months’ worth of data, collected in mid-2009 and representing around 3.5 million people, were used in the study.
The researchers searched for spam in 190 million wall posts (messages posted on one user’s profile page by another user) by hunting for Web addresses, even if those addresses were deliberately obscured. Wall posts were grouped into clusters containing the same Web addresses before the malicious clusters were separated from those not sharing spam links by screening the addresses using Web security services.
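The three-step method described above (find Web addresses even when obscured, group posts that share an address, then screen the addresses) can be sketched in code. The following is an added illustration, not code from the study or from Facebook; the wall posts, the obfuscation patterns handled, and the blocklist that stands in for the Web security services are all constructed for the example.

```python
"""Cluster wall posts by the web address they carry, then screen the
addresses against a blocklist.  Illustrates the study's three steps with
constructed data; the real work used external URL-screening services."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed wall posts: (sender, recipient, text).  Not real data.
WALL_POSTS = [
    ("alice", "bob", "free ringtones here!! hxxp://ringtone-free[.]example/get"),
    ("carol", "dave", "free ringtones here!! http://ringtone-free.example/get?x=1"),
    ("erin", "frank", "someone has a crush on you -> www (dot) crush-finder (dot) example"),
    ("grace", "heidi", "check out my photos at https://photos.example.org/album/12"),
    ("ivan", "judy", "someone has a crush on you -> http://crush-finder.example/who"),
    ("mallory", "oscar", "lol look http://photos.example.org/album/99"),
]

# Constructed blocklist standing in for the web security services the study
# used to screen addresses; in practice this would be a lookup against one
# or more reputation services rather than a static set.
BLOCKLIST = {"ringtone-free.example", "crush-finder.example"}

# A few common ways a link is obscured so a naive URL scanner misses it.
# (pattern, replacement) pairs, applied in order.  This list is illustrative
# and can be extended; broad patterns like "dot" risk false matches.
DEOBFUSCATIONS = [
    (re.compile(r"hxxp(s?)://", re.I), r"http\1://"),          # hxxp:// -> http://
    (re.compile(r"\s*[\[\(]\s*dot\s*[\]\)]\s*", re.I), "."),   # "(dot)" / "[dot]"
    (re.compile(r"\[\.\]|\(\.\)"), "."),                       # "[.]" / "(.)"
]

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


def deobfuscate(text: str) -> str:
    """Undo the obscuring patterns above so the URL scanner can see the link."""
    for pattern, repl in DEOBFUSCATIONS:
        text = pattern.sub(repl, text)
    return text


def extract_hosts(text: str) -> set[str]:
    """Return the normalised host names of every web address in a post."""
    hosts = set()
    for match in URL_RE.findall(deobfuscate(text)):
        url = match.rstrip(".,;:!?)\"'")            # drop trailing punctuation
        if not url.lower().startswith("http"):
            url = "http://" + url                   # bare www. link
        host = urlsplit(url).hostname
        if host:
            hosts.add(host[4:] if host.startswith("www.") else host)
    return hosts


def cluster_posts(posts):
    """Group posts by shared host: host -> list of (post index, sender)."""
    clusters = defaultdict(list)
    for idx, (sender, _recipient, text) in enumerate(posts):
        for host in extract_hosts(text):
            clusters[host].append((idx, sender))
    return dict(clusters)


def flag_clusters(clusters, blocklist):
    """Keep only clusters whose address the screening step marks malicious.

    Returns host -> {"posts": n, "senders": n} so the size of a campaign and
    how many distinct accounts took part are visible at a glance.
    """
    flagged = {}
    for host, members in clusters.items():
        if host in blocklist:
            flagged[host] = {
                "posts": len(members),
                "senders": len({sender for _, sender in members}),
            }
    return flagged


if __name__ == "__main__":
    for host, stats in flag_clusters(cluster_posts(WALL_POSTS), BLOCKLIST).items():
        print(f"{host}: {stats['posts']} posts from {stats['senders']} accounts")
```

Counting distinct senders per flagged cluster is what exposes the coordination the study reports: one address appearing in many posts from many different accounts is the signature of a campaign rather than a single misbehaving user.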
Altogether 200,000 spam posts from 57,000 different user accounts were picked out from 2.08 million posts containing Web links. These spam posts were generated by 23 million users in total. The study is the first to examine spam activity and features at scale, says Zhao, and it shows Facebook is now a major platform for such activity. “The results are quite surprising to me – that even last year there was so much activity,” he says. “I think this is the harbinger of things to come, as Facebook attracts more of the wrong kind of attention.”
Many messages tempted users with offers of free swag such as ringtones, or used a social trap like announcing that someone had a “crush” on them. Around 70 percent of the messages were “phishing attacks,” meaning they directed users to websites that attempt to trick them into divulging personal information. But most were attempts to gain Facebook account details, a strategy that could help send out more spam.
“We expected that attackers would mostly create new accounts to send spam attacks, but in fact, most are sent via compromised accounts,” says Chen. “That may be harder than creating new accounts, but it is more effective to send spams to real friends.”
Different accounts often sent the same spam, sometimes in simultaneous bursts of activity. “These are coordinated spam campaigns, as we see in e-mail spam,” says Zhao.