Well, I was feeling left out, what with all the talk of Twitter spam phishing attacks - no direct messages sent to me, no nothing - but lo and behold, one just arrived. My day is now complete :)

I'm not sure things are as bad for Twitter as Cringely says, but there has been a ton of spam lately. What I've been seeing is a lot of the typical stuff - MLM nerds trying to get followers, the "come see my pictures" come ons - stuff we've all seen before in email spam. I haven't seen any of this type of phishing attack yet, though:

The scam begins with a direct message -- one sent directly between two Twitter users -- that reads "ROFL this you on here?" and appears to link to a video site. When the victim clicks on the link, however, they are sent to a fake Twitter page and asked to log in. The scammers use that log-in information to automatically message the victim's contacts with the same direct message.

Why would a scammer want your Twitter logon? Because he/she needs to borrow your Twitter reputation for a little while -- just long enough to spew out spammy messages that send hapless twits to other Web pages where the scammers can abuse you further.

I don't know that it's the death of Twitter, but - if it starts to impact a decent proportion of Twitter users, I think it will drive people over to Facebook, where it's easier to ignore that kind of thing. The fact that you can reach anyone with an @ message, and the prevalence of short (and thus anonymous) urls makes for a perfect storm:

From the scammer's point of view, this is far superior to e-mail. There aren't any Twitter spam blockers (at least, that I know of). There are no ISPs to get in the way and cancel your accounts. People on the service are still fairly trusting of each other. And with shortened URLs, there's no way to find out where that person is sending you until you've already arrived. It's a perfect storm of spamminess

If that picks up a lot, people will bail in large numbers...

Technorati Tags: twitter, social media

The spammers continue to have fun with Twitter - I get tons of "follow" requests from scammers now, and over the weekend a prank seems to have pushed Twitter into accidentally deleting a bunch of valid accounts:

On the same day as the primate prank, Twitter itself erred by suspending hundreds to possibly thousands of regular user accounts. How the suspensions happened is unclear, but Twitter officially said it was due to "human error."

The prank involved getting a flash mob to create fake accounts and post the same hashtag, so as to hit the top of Twitter's trending topics. It worked, so I expect to see more of that kind of thing. In the meantime, the Twit-neighborhood continues to get worse :)

Technorati Tags: twitter, social media

What do you get when you combine Twitter hashtags with Twitter's "live" search and trending topics? A spam machine that never stops, that's what. According to Danny Sullivan, this falls into the "nobody could have predicted...." bucket :)

Technorati Tags: twitter, search

Apparently, some of the malware out there can spew out astounding amounts of spam traffic. PCWorld reports:

TRACElabs concluded that Rustock and Xarvester, the latter perhaps linked to the down-and-out Srizbi botnet, are the most efficient spam-spewers of the nine bots. Each is capable of sending up to 25,000 messages per hour, or 600,000 per day, and 4.2 million per week.

If they do that level of traffic normally, you would think the owner's of infected PCs would notice....

It was inevitable, I suppose: there's a paid service for tweeting out there called Magpie.

As if the "I got my free laptop, lol" posts weren't annoying enough :)

Technorati Tags: twitter, social media

I've seen plenty of Twitter spam, but it looks like the sorts of tools that started appearing 4-5 years ago for blogs are popping up for Twitter now:

Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a “fully automated advertising software for Twitter” hit the market, potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.

As ZDnet points out, creating this kind of tools is dead simple - Twitter doesn't even verify your registration address when you sign up. This can't be the first tool of this kind though; there have just been too many spammers around.

Technorati Tags: twitter, social media

Will there be a small breather from spam due to one of the main hosting sites for bad actors being taken offline?

A U.S. based Web hosting firm that security experts say was responsible for facilitating more than 75 percent of the junk e-mail blasted out each day globally has been knocked offline following reports from Security Fix on evidence gathered about suspicious activity emanating from the network.

That's the good news. The bad news? I seriously doubt that the bad actors will clump up like that in the future...

Technorati Tags: security

There's a pretty steady wave of spam attempts at the Wiki, but they are from bots that have been running fairly consistently for (literally) years now - every 2 minutes, the same set of pages get attempts with the same set of spam. Those I've had blocked for eons. What's interesting to me is the reduction in other spam.

Up until about a month ago, there were waves of spam that kept cresting, coming from different IP addresses, and with different payloads. I had to block those as they happened, and adapt the server to them. Then it pretty much just stopped, leaving the rump set of bots that I mentioned above.

I'm not sure why the waves stopped. I'm not complaining either, but something definitely changed.

Whoever was spamming the Cincom Smalltalk Wiki was really starting to tick me off - they weren't even pushing links to the spammed pages anymore, just annoying replacement text. That got tiresome pretty quickly, so I've just added the ability to lock pages. The ones that have been getting slammed are now locked, which will make my life easier....

Looks like Captcha lost the spam arms race:

By January 2008, Yahoo Mail's CAPTCHA had been cracked. Gmail was ripped open in April. Hotmail's top got popped during the same month. And then things got bad. There are now programs available online (no, we will not tell you where) that automate CAPTCHA attacks. You don't need to have any cracking skills. All you need is a desire to spread spam, make anonymous online attacks against your enemies, propagate malware or, in general, be an online jerk.

I had a ton of people tell me I should have gone with one of the big automated systems here. I think I'm glad I was too lazy to bother :)

Watching the waves of spam (attempted and successful) that hit the blogs and the wiki is interesting. Weeks and weeks will pass when nothing successful goes by, and the raw volume of attempts goes down. Then there are spike periods - starting about 2 weeks ago, the volume went up, and I've been manually removing 1-2 incidents a day. It will quiet down again fairly soon, I'm sure. I suspect that we are in some kind of "sweeps" period for spam - why, I have no idea.

If I didn't have spam filtering turned on for our Wiki, I definitely would not be able to keep it running - here's a bit of the logging, which illustrates the problem:

<< April 13, 2008 10:49:48.216 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Cincom Smalltalk >>

<< April 13, 2008 10:49:48.781 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Wiki Syntax >>

<< April 13, 2008 10:49:59.142 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Add an action button to a canvas >>

<< April 13, 2008 10:51:29.850 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: Wiki Syntax >>

<< April 13, 2008 10:54:22.129 >>
<< Spam from: (IP Omitted) >>
<< Spam Intended For: VW NameSpace Reservations >>

It's like that 24x7.

Charles Miller isn't happy with the rash of Twitter-spam out there. I'll note that this isn't new; Immediately after I joined Twitter (awhile ago) - I recall that one of the first "follow me" requests came from "Girls Gone Wild". I kind of figured that they weren't interested in "Smalltalk Daily" :)

Technorati Tags: twitter

As I've said before, spam seems to come in waves - there are times when the attempts to spam the Wiki and the blogs here are just tremendous, and then there are periods like the last few weeks - unusually quiet. After a few quiet weeks, I find I'm waiting for the other shoe to drop...

I'm noticing something about Spam this Christmas season. I posted on blog/wiki spam dropping off the other day - apparently, that's done on something resembling a 9-5 work schedule. Email spam though? That's just relentlessly bot driven. Cincom mostly shuts down over the holiday, so it's more obvious: real mail disappears, so all I see is the spam. And boy of boy, is there ever spam :)

It's an interesting difference. I guess email is still easier to automate; after all, to target my blog server, someone has to either manually go at it, or take the time to create a bot that specifically targets it (the servlets and web forms ar all things I created myself).

Hmm - there's a test I could run. I could try changing all the form field names and see what happens...

I'm curious about this - I was getting another wave of spam on the blog server(it seems to go through peaks and troughs) when it just stopped completely before the weekend. Which makes me wonder: are the spammers directing their bots on a work-day type schedule, and taking weekends and holidays like the rest of us?

Like Doc Searls, I'm noticing a huge uptick in spam. The blogs here are mostly ok - between the simple spam blocker and the "off brand" nature of the server, we don't get hammered too hard. The wiki is in ok shape; better than the UIUC server, which seems to have been knocked off the air. Email though? My corporate inbox is overflowing with Russian spam. How hard would a rule be such as "if it's not in (insert your language here), assume it's spam?"

Apparently pretty hard :)

Ok, this is interesting in a "inside Google" sort of way. TechCrunch reports that Google has launched a de-ranking offensive against blog link farms. This is a good thing, because search results will often take you to these bogus sites rather than the original content source.

However - as with any such battle, it looks like there's been some collateral damage:

The AOL owned Weblogs Inc was not immune, with leading Gadget blog Engadget dropping from PR 7 to PR5, Autoblog (6 to 4) and DownloadSquad (5 to 4).

That caught my attention, because the PageRank of this site is a decent 7 (scale of 10). It's just weird for my blog to have better PageRank than a site as popular as Engadget. I suspect that this move is going to create an awful lot of tooth grinding.

The Guardian may have the reason for the last round of spam attacks that I (and everyone else) have been seeing on the net: a growing botnet:

It gets worse. Storm's delivery mechanism changes regularly. It began as PDF spam, then morphed into e-cards and YouTube invites. It then started posting blog-comment spam, again trying to trick viewers into clicking infected links. Similarly, the Storm email changes all the time, with new, topical subject lines and text. And last month Storm began attacking anti-spam sites focused on identifying it. It has also attacked the personal website of a malware expert who published an analysis of how it worked.

I had been wondering about those waves (PDFs and e-cards) of spam. More recently (I mentioned this the other day), I've been seeing tons more comment spam than normal. I wonder if there's a specific plan, or whether someone is building a huge "rent a bot" (or heck, maybe they already have) network? Would I see a difference between spread attempts and spam campaigns that were paid for?

Technorati Tags: security