The Latest in IT Security

Stopping a Big Facebook Spam Campaign

20
Sep
2013

While poking around in our shady-traffic logs Wednesday, I found a network big enough to be worthy of a blog post.

It's what we usually call a "spam/scam" network, although the spam aspect is a bit different, being based on Facebook rather than e-mail. Here's a sample page from Facebook:

screenshot of sample Facebook spam/scam page

The high number of "Likes" makes me suspect that the Bad Guys are using bots (or hacked accounts — same thing) to inflate their popularity a bit…

Anyway, our logs show that quite a few are people clicking on those womenshealth50.com links…
…and its "sibling sites" (courtesy of WebPulse's "SeeMore" big-data tool):

menshealth20.com
menshealth23.com
menshealth31.com
menshealth35.com
menshealth37.com
menshealth38.com
menshealth39.com
menshealth71.com
muscleworkoutgym.com
secretdietformula1.com
secretdietformula2.com
secretdietformula3.com
womanshealth5.com
womanshealth9.com
womenshealth10.com
womenshealth12.com
womenshealth31.com
womenshealth40.com
womenshealth42.com
womenshealth49.com
womenshealth50.com
womenshealth51.com
womenshealth55.com
womenshealth56.com
womenshealth57.com
womenshealth59.com
womenshealth60.com
womenshealth62.com

We've seen over 1300 of these URLs in the core WebPulse logs in the last week. And there are over 30 servers in this network, which made it a perfect snack to feed to our Spamnet Tracker.

–C.L.

Leave a reply


Categories

THURSDAY, AUGUST 16, 2018

Featured

Archives

Latest Comments

Social Networks