Virus targets the social network in new fraud twist

instagram cyber fraud.jpg

Boston: In the world of cyber fraud, a fake fan on Instagram can be worth five times more than a stolen credit card number.
As social media has become increasingly influential in shaping reputations, hackers have used their computer skills to create and sell false endorsements - such as 'likes' and 'followers' - that purport to come from users of Facebook, its photo-sharing app Instagram, Twitter, Google's YouTube, LinkedIn and other popular websites.
In the latest twist, a computer virus widely used to steal credit card data, known as Zeus, has been modified to create bogus Instagram 'likes' that can be used to generate buzz for a company or individual, according to cyber experts at RSA, the security division of EMC Corp.
These fake 'likes' are sold in batches of 1,000 on Internet hacker forums, where cyber criminals also flog credit card numbers and other information stolen from PCs. According to RSA, 1,000 Instagram 'followers' can be bought for $15 and 1,000 Instagram 'likes' go for $30, whereas 1,000 credit card numbers cost as little as $6.
It may seem odd that fake social media accounts would be worth more than real credit card numbers, but online marketing experts say some people are willing to spend heavily to make a splash on the Internet, seeking buzz for its own sake or for a business purpose, such as making a new product seem popular.
"People perceive importance on what is trending," said Victor Pan, a senior data analyst with WordStream, which advises companies on online marketing. "It is the bandwagon effect."
Facebook, which has nearly 1.2 billion users, said it is in the process of beefing up security on Instagram, which it bought last year for $1 billion. Instagram, which has about 130 million active users, will have the same security measures that Facebook uses, said spokesman Michael Kirkland.
He encouraged users to report suspicious activity through links on Facebook sites and apps.
"We work hard to limit spam on our service and prohibit the creation of accounts through unauthorized or automated means," Kirkland said.
Knowing when to stop
The modified Zeus virus is the first piece of malicious software uncovered to date that has been used to post false "likes" on a social network, according to experts who track cyber crime.
Fraudsters most commonly manipulate 'likes' using automated software programs.
The modified version of Zeus controls infected computers from a central server, forcing them to post likes for specific users. They could also be given marching orders to engage in other operations or download other types of malicious software, according to RSA.
Cyber criminals have used Zeus to infect hundreds of millions of PCs since the virus first surfaced more than five years ago, according to Don Jackson, a senior security researcher with Dell SecureWorks.
That the virus is now being adapted to target Instagram is a sign of the rising importance of social media in marketing, and the increasing sophistication of hackers trying to profit from the trend.
Online marketing consultant Will Mitchell said he sometimes advises clients to buy bogus social-networking traffic, but only to get an early foothold online.
When asked about the ethics of faking endorsements, Mitchell replied, "It's fine to do for the first 100, but I always advise stopping after that."
He said one of his clients once bought more than 300,000 "likes" on Facebook against his advice, a move that Mitchell felt damaged the client's reputation. "It was just ridiculous," he said. "Everybody knew what they were doing."
Still, experts say schemes to manipulate social networks are unlikely to go away. Creating fake social media accounts can also be used for more nefarious purposes than creating fake "likes," such as identity theft.
"The accounts are always just a means to an end. The criminals are always looking to profit," said computer security expert Chris Grier, a University of California at Berkeley research scientist who spent a year working on a team that investigated fake accounts on Twitter. 

Post new comment

<form action="/comment/reply/250767" accept-charset="UTF-8" method="post" id="comment-form"> <div><div class="form-item" id="edit-name-wrapper"> <label for="edit-name">Your name: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="60" name="name" id="edit-name" size="30" value="Reader" class="form-text required" /> </div> <div class="form-item" id="edit-mail-wrapper"> <label for="edit-mail">E-Mail Address: <span class="form-required" title="This field is required.">*</span></label> <input type="text" maxlength="64" name="mail" id="edit-mail" size="30" value="" class="form-text required" /> <div class="description">The content of this field is kept private and will not be shown publicly.</div> </div> <div class="form-item" id="edit-comment-wrapper"> <label for="edit-comment">Comment: <span class="form-required" title="This field is required.">*</span></label> <textarea cols="60" rows="15" name="comment" id="edit-comment" class="form-textarea resizable required"></textarea> </div> <fieldset class=" collapsible collapsed"><legend>Input format</legend><div class="form-item" id="edit-format-1-wrapper"> <label class="option" for="edit-format-1"><input type="radio" id="edit-format-1" name="format" value="1" class="form-radio" /> Filtered HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Allowed HTML tags: &lt;a&gt; &lt;em&gt; &lt;strong&gt; &lt;cite&gt; &lt;code&gt; &lt;ul&gt; &lt;ol&gt; &lt;li&gt; &lt;dl&gt; &lt;dt&gt; &lt;dd&gt;</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> <div class="form-item" id="edit-format-2-wrapper"> <label class="option" for="edit-format-2"><input type="radio" id="edit-format-2" name="format" value="2" checked="checked" class="form-radio" /> Full HTML</label> <div class="description"><ul class="tips"><li>Web page addresses and e-mail addresses turn into links automatically.</li><li>Lines and paragraphs break automatically.</li></ul></div> </div> </fieldset> <input type="hidden" name="form_build_id" id="form-9991e511fd363d8da91487404d710b6e" value="form-9991e511fd363d8da91487404d710b6e" /> <input type="hidden" name="form_id" id="edit-comment-form" value="comment_form" /> <fieldset class="captcha"><legend>CAPTCHA</legend><div class="description">This question is for testing whether you are a human visitor and to prevent automated spam submissions.</div><input type="hidden" name="captcha_sid" id="edit-captcha-sid" value="85642956" /> <input type="hidden" name="captcha_response" id="edit-captcha-response" value="NLPCaptcha" /> <div class="form-item"> <div id="nlpcaptcha_ajax_api_container"><script type="text/javascript"> var NLPOptions = {key:'c4823cf77a2526b0fba265e2af75c1b5'};</script><script type="text/javascript" src="http://call.nlpcaptcha.in/js/captcha.js" ></script></div> </div> </fieldset> <span class="btn-left"><span class="btn-right"><input type="submit" name="op" id="edit-submit" value="Save" class="form-submit" /></span></span> </div></form>

No Articles Found

No Articles Found

No Articles Found

I want to begin with a little story that was told to me by a leading executive at Aptech. He was exercising in a gym with a lot of younger people.

Shekhar Kapur’s Bandit Queen didn’t make the cut. Neither did Shaji Karun’s Piravi, which bagged 31 international awards.