At least 200,000 websites designed to spoof social networks like Facebook, MySpace, and Twitter exist on the Web and are growing, according to research by Websense Security Labs. Most of them, about 150,000 target Facebook users.
With the aim of phishing for information, spreading viruses and malware, propagating spam, or avoiding email filters, the phony domains piggyback on the popularity of social networks and depend especially upon unsophisticated or unaware users to further cybercriminal agendas.
Websense offers as hypothetical examples domains like unblock.facebookproxy.com, buy.viagra.twitter.1234.com or hotbabesofmyspace999.com, all of which are similar to many of the domains researchers are discovering.
(Credit: Websense)
Facebook is an especially popular target because of its recent explosion of use among those in the workforce, particularly among 35-54 year-old demographic, which has grown 276 percent on Facebook in the past six months.
Though it appears the number of spoof sites targeting Facebook is much larger than those targeting MySpace—150,000 vs. 50,000—Websense software engineer Mark Haffenden suggests numbers can be deceiving. As the currently hot social network, Facebook is more affected by spambots creating scores of clone websites. When adjusted for clones, MySpace is actually targeted more often, but it’s only a matter of a couple of thousand.
“These new threats illustrate that attackers will continue to target Facebook, MySpace and Twitter, along with other social networking sites, for three reasons,” said Websense senior director of advanced content research, Charles Renert.
“First, these Web sites are popular so fraudsters are able to target lots of victims; second, people trust the content on it because they think it’s from other people in their network; and third, they are easy to compromise because they allow anybody to create and post content. Traditional Web filtering is not enough to protect users from threats on trusted sites, and isn’t enough to keep up with fraudsters generating new URLs almost instantaneously to avoid detection. Only real-time analysis of Web content can prevent users from being exploited by these attacks.”
Cybercrooks aren’t just planting their wares out in obscure areas of cyberspace and email inboxes, though. Some targets are much closer to home. Data gathered from Websense’s Threatseeker Network shows sites allowing user-generated content make up the majority of the top 50 most active distributors of malicious content. Over 70 percent of user-generated sites have hosted malicious content in the past six months, much of it in the form of comment spam.
