Websense Security Labs® has been monitoring the recent spammer tactics that use Bebo services for spamming purposes. In the past, we blogged about similar spammer trends where Google services were increasingly used in spam runs. Google Blogger and Google Docs have been under attack, as has Gmail; and mass mailing campaigns are not confined to Gmail. Live mail, Hotmail, and Yahoo Mail have all been under siege as well. We detected this trend through the ThreatSeeker™ Network.
Bebo.com is a popular and widely-used social networking site. Spammers have been creating accounts on Bebo and using their corresponding profiles as doorway pages for advertising products and services.
For spammers, there are 4 advantages to using a social network like Bebo:
- It is free to sign up.
- Spammers can include Bebo profiles in different spam campaigns rather than including their actual spam domains. This defeats a range of anti-spam services that rely on reputation services.
- These doorway page account profiles can be used in multiple mass-mailing campaigns for subsequent attacks.
- It may be hard for Bebo to keep track of accounts, because there are a large number of users using Bebo services around the globe.
When users visit the links (Bebo spammer account profiles) in spam, they can find the spammer products and services advertised:
Spam domains advertised:
A wide range of attacks are possible using the same account credentials over other services offered by Bebo.
Websense predicts that these accounts could be used by spammers at any time for a variety of social-engineering attacks, a trend that has been increasingly common with various popular Web 2.0 sites, such as MySpace, FaceBook, and Slide.com.
Security Researcher: Sumeet Prasad