Twitter Spam Bots Target NFL and Miley Cyrus Fans

This week, fans of the Denver Broncos and Seattle Seahawks have been tweeting in anticipation of Super Bowl XLVIII, but many have been subjected to a torrent of spam from Twitter bots. Fans of pop star Miley Cyrus have also been plagued with an identical spam campaign using targeted keywords.

Last summer, we published a blog about a similar campaign that focused on the BET Awards and fans of Justin Bieber, One Direction, and Rihanna. The latest campaign follows the same blueprint with improvements.

The scam starts with Twitter users tweeting specific keywords that are monitored by spam bots on the service. The keywords could be about the Super Bowl, the Broncos, the Seahawks, or individual players on either team, such as Denver Broncos quarterback Peyton Manning or Seattle Seahawks cornerback Richard Sherman. In the case of Miley Cyrus, mentions of her full name or her first name alone may receive a response from spam bots.

The response is a tweet with an attached photo that shows the targeted user’s Twitter handle in an effort to personalize the message.

Figure 1. Twitter spam bot replies using photo attachments that claim to offer prizes related to the NFL or Miley Cyrus

These spam bots do not tweet links or include links in their Twitter profiles’ biography section. Instead, they rely on users to manually type the URL found in the picture that was tweeted to them. This is an adaptive measure to ensure that antispam filters do not flag their accounts.

Figure 2. Scam websites ask users to verify Twitter usernames

Both of the sites that were mentioned in the photos follow the same template. The sites first request a user’s Twitter username, claiming that they need to check the username to confirm eligibility. After that, the site requests the user’s personal information, such as their full name, home and email address, and phone number.

Figure 3. Users asked to participate in a survey and download mobile apps

Before a user can proceed, the supposed sponsors claim that the user needs to complete a “special offer” in order to have a chance to win the prize. Typically, this leads to a survey, but since this scam is mobile-based, users are asked to install a mobile application, earning the scam operators money for each successful installation through affiliate programs. This incentivizes the scammers to aggressively spam users.

The rise in popularity of social networking services over the last few years has encouraged spammers and scammers to target these large pools of users discussing major events and public figures, similar to how marketers do. The question is, which event or public figure will be targeted next?

AVAST expands its SMB portfolio.

Text in cooperation with Magdalena Kuberacka. AVAST Software is a well-known brand thanks to its multi-award-winning avast! Free Antivirus. However, AVAST is much more than just a great free antivirus solution you probably use on your home computer. Our avast! Business Solutions present a portfolio of products designed especially for small and medium businesses and offered […]

‘Xin Nian Kuai Le’: Spammers Say Happy New Year

China is gearing up to usher in the Year of the Horse, which begins with the new moon on January 31 this year. With more than a billion people worldwide preparing to celebrate the new year for the lunar calendar, the celebration this year promises more color than ever before.
 
Chinese New Year, also known as the spring festival, is a day for reunion and thanksgiving, where exchanging gifts is at the heart of the celebration. Friends, family, colleagues and even businesses exchange gifts to show love, respect and loyalty. Business owners often send gifts to their customers and shops offer gifts and discounts to show their gratitude. However, spammers are all too aware of this practice.
 
The spammers and fraudsters are known to capitalize on special occasions and exploit the noble gesture of giving gifts in order to send out spam. They are known to pose as friends and business owners and send emails promising gifts and financial offers to attract unsuspecting victims. 
 
We’ve observed spam that exploits Chinese New Year by pretending to be from a reputed company. The spam message appeals to the recipient’s benevolence, asking them to give the company’s products as gifts to loved ones.
 
Figure 1. The subject of the spam message (sample)
 
Translation
Subject: [COMPANY NAME] wish users, a happy new year.
 
 
Figure 2. Preview of the Chinese spam email related to the Year of the Horse
 
Translation
Greeting all customers,
 
As the year of the golden snake is coming to an end, the year of the lucky horse is right at our doorstep! It’s the beginning of a new year, and everything is a new start! As we approach the new year, [PRODUCT NAME] would like to send our greetings to you and your family with the utmost respect and well wishes! We wish you a happy and healthy new year!
 
Thanks for your continuous support to the company. We wish you a great Year of the Horse. Happy New Year!
 
[COMPANY NAME]
2014 January
 
The spam sample under discussion has a subject line greeting the customers on behalf of the company. The body contains a cheerful-looking image preview to spread the holiday feeling. The message tries to make the name of the company linger in the minds of the readers so that they may consider its products while gift shopping.
 
In previous years, Symantec had observed a variety of Chinese New Year spam. The most prominent among them promoted fake gift offers and discounts. Scams formed another significant spam category, which included loan offers and job offers, making people think they can pay off any debt they may have and get a good start in the new year. All these spam emails were devised to exploit the strong traditions and values of the Chinese community worldwide.
 
The Chinese New Year festivities commence on January 31 and will continue for 15 days until the full moon, when the Lantern Festival is celebrated. We can expect more spam of a similar nature during this time.
 
The New Year festival is a good opportunity for the spammers to target users. The best practice to avoid falling into the spammers’ traps is to be wary of opening unsolicited new year themed emails.
 
We wish you all the very best in the Year of the Horse!

AVAST team at FETC 2014 conference in Orlando.

While most of the AVAST team is located in freezing Prague, some of us are enjoying sunshine in Florida. The AVAST Free for Education team is excited to be attending FETC 2014 in Orlando, Florida for the first time! Check out the preparation progress and don’t forget to follow AVAST on Instagram and stop by Booth 356! AVAST Free […]


How are you doing Mr. Android?

First of all, I would like to shift your attention a bit backwards. No worries! This is no history lesson or something from the ancient past.  Rather, I would like to share with you folks some Android statistics from the last two years. Hopefully, it will give you a better idea about which malware is […]

Ancient Japanese Click Fraud Still Healthy and Alive

In 2013, scammers published thousands of apps on Google Play that led to fraudulent sites. This form of scam is typically called “one-click fraud” in Japan. The very first variant appeared in January 2013, and while only a handful of these fraudulent apps survive for more than a few days, we confirmed that, in total, more than 3,000 apps were published on the market in 2013. By October, the scammers had for the most part stopped publishing new variants of the fraudulent apps on Google Play, for unknown reasons.

Figure 1. Total number of apps leading to one-click fraud sites published on Google Play throughout 2013

While apps that lure victims to fraudulent sites may no longer be available on Google Play, there are currently other vehicles leading victims to these sites, such as spam. 

This scam typically begins with spam sent to a mobile phone, particularly a smartphone. The spam message contains a link to an adult video website. The site claims that videos can be viewed free of charge.

Figure 2. Example of the spam message sent as part of this scam

Figure 3. The adult video site linked in the spam message

To view a video, the visitor is instructed to make a phone call in order to register for the site. Once the user calls the number provided on the site, an automated system will accept the call and save the phone number of the victim’s mobile device. The visitor will then be prompted to input their telephone number in order to access the site.

Figure 4. The site instructs the user to register to access the videos

When the user clicks on a video after they’ve registered for the site, another Web page opens. If you read the page carefully, you will notice that the term “free” has completely disappeared and a tiny note about a subscription fee has been added.

Figure 5. The adult video site with details of a subscription fee

If the visitor fails to notice this detail and clicks the download button, they will end up registering for the paid service and will be charged the hefty price of about US$1,000. If you actually compare the URLs of the two adult video Web pages, you will notice that the two sites have different domains: the original site redirects the visitor to a different service. Videos are supposedly free only on the original site, but no videos can actually be found there. There are videos on the second site, but they are not available for free.

Figure 6. Registration page for the site that charges a subscription fee

The end-user agreement on the original site states that all content on the site can be accessed free of charge, however, other services linked to the site may not be free.

Interestingly, the site’s Q&A page warns visitors that they may receive phone calls from scammers asking them to pay for video services. The Web page instructs users to be careful about making payments. The scammers do follow up by calling the visitors if the fee is not paid by the deadline.

Figure 7. The Q&A page with a warning about scammers

These scams occur on a daily basis and affect users with smartphones that run any type of operating system. Users should remain vigilant of one-click fraud scams and should avoid clicking on links received through unsolicited spam messages.