Spam has always been a constant annoyance and maybe even a threat, but it’s now moving from email to social networks.
The Wall Street Journal reports that spam is attacking social networks more than ever before thanks to the lack of filtering software and legislation as such methods are making email attacks increasingly difficult.
The report uses the example of one spam attack that offered free iPads to those who clicked the link on Facebook, but the link instead led to malware that caused Facebook to rebroadcast the spam to the friends of the original recipient.
While spam is becoming an increasing problem for social networks, the percentage of spam on these networks is still relatively low compared to email spam. Facebook says that less than 4 percent of the content shared on their site is spam, whereas Twitter says just 1.5 percent of all tweets were spam in 2010.
Facebook is gearing up their engineers to counter this problem with 30 people on a team that’s fully focused on countering spam. This is up from only four people working on Facebook integrity in 2008. This is on top of 46 people working in security as well as 300 people focused on user issues. Facebook says that a third of their 3,000 employees are fighting spam in some capacity.
The inherent danger with Facebook spam is that it tricks users into thinking the link came from friends, people they trust. The spammers create false Facebook profiles and then “friend” people they don’t know. They share spam links which spread through each person’s friend networks.
The more dangerous spam plots involve offering free products like the aforementioned free iPad scam that can take over web browsers or entire computers. Attacks are also getting far more sophisticated with attackers impersonating users and entering chats with people who assume they are talking to a friend.
Facebook has been especially frank about the operation of their anti-spam measures while giving users sound advice on how to avoid spam.
Spam is no new problem for Facebook as they dealt with a massive spam attack last November that sent images of hardcore porn and gore to users. It was caused by a browser vulnerability that created an easy way for the images to spread between users that clicked on the links.
Fortunately, a spammer’s weakness is anything that costs money or takes a lot of manpower to do. Facebook can use this to their advantage by requiring suspicious accounts to prove their humanity, thus blocking computers from being able to create more spam.
The efforts seem to be paying off as Twitter reports that spam tweet rates were at 1.5 percent in 2010 compared to 11 percent in 2009. They have also set up an account for users to report spam while offering tips on how to avoid falling for spam or phishing schemes.
Facebook is in it for the long run. “This is a game where there is never going to be a winner or a loser. We’re just going to be battling it out,” Pedram Keyani, a Facebook engineering manager, said.
UPDATE: Chester Wisniewski, Senior Security Advisor at Sophos Inc., told WebProNews in an email:
“The problem with spam on social media is that there is very little, to nothing that a user or company can do to filter it. The onus is on the social media provider to do the filtering because they control all entrance and exit points, unlike email where people have some control to implement their own filters.
Aside from relying on Facebook, Twitter, LinkedIn or Google to do a “good job” the best most people can do is implement a good web security filter to look for malicious or spammy URLs and prevent your browser from going to content that may be harmful.”