Facebook spam

One of our spam analysts saw the following spam today:


AldLif tedHisCh in AndNarro wedHisE yes."Th eZenshi aVa r iationS ays,' AFr iendWho Cannot BeRe lie dUponI sWo rseTh an AnEnemy. '"

Flo riscia XicoCou l d Bar el yContain Hers elf." That WasInc redi ble!The Peopl eWill Rejoic eWhe nTheyLea rnOfOurN ew Ally."

The link redirects to an actual Facebook page with the following image uploaded:


Spammers are shifting their tactics yet again in an attempt to evade filters.  Note that when I use the term “shifting tactics” I don’t necessarily mean that it is a new tactic.  What I mean is that the attack vector is increasing in frequency.  I’ve seen spammers abuse sites like Live Spaces, Google Blogspot, Geocities, etc, for years.  What they are attempting to do is get around reputation services.    Spam tactics shift over time, but they are also cyclical.  What was a spam pattern before goes dormant for a while and then re-awakens, albeit in a different form.  Going from Live Spaces to Facebook is no different.

Many spam filters today use URL filters.  The assumption that spammers are making is that a URL filter will not list Facebook.com as one of their blocked top-level domains (they are correct in that assumption).  If spammers manage to send spam from a web mail service like Yahoo Mail with a link to a Facebook page, then they can evade filters that rely primarily on reputation filtering.  Most filters today block 90% of their incoming spam with reputation filtering so the idea is that the odds of delivery (and hence, making a sale) are increasing.  Of course, if your content filters are perfectly capable of catching this type of spam (as ours are), then this isn’t that big a deal.

This is similar to the problem that URL shorteners have, that Twitter has, and now Facebook has.  These guys are going to have to start screening for malicious (abusive, spammy) links.  In the case of Facebook, it’s a bit tougher.  They have to stop the bot from signing up (challenge one) and then figure out a way to stop the bot from uploading spammy images.

In my opinion, this is a much better use of their time then disabling the music in some of the videos that I have uploaded because I don’t have the rights to redistribute the music (even though it’s just a personal video of me performing magic and the sound track makes it cool).  At least I’m not annoying anyone… except possibly the music industry.

Skip to main content