31 March 2010
BitDefender case study reveals detailed profiles, shared groups and mutual acquaintances give more credibility to fake identities
BitDefender�, an award-winning provider of innovative anti-malware security solutions, presented the results of a study about social gaming�s impact on the exposure of users� private data.
In order to reach high scores, social entertainment applications require users to gather a considerable number of friends and supporters to play the same game, leading to player-development of social gaming channels, groups and fan pages to facilitate player interaction.
Spammers and phishers exploit the increasing trend of social gaming with fake profiles and bots that send spam messages to groups, as the BitDefender case study presented at the MIT Spam Conference shows. Unlike the regular social networking spam, when the users are enticed to add the spammer in their circle of friends, the social gaming-related phony profiles are willingly added by the users as an immediate consequence of their interest in enlarging the supportive players� community. This makes it almost impossible for the bogus accounts to be automatically suspended, since the spammers� action does not constitute an abuse.
The study also demonstrates that the most successful fake accounts are those miming real profiles, which hold plenty of details and pictures of the �user.� In an acceptance experiment, BitDefender researchers created three honeypot profiles � one without any picture and holding few details, another with an image and limited information and a third with a large amount of data and photos. All three profiles where subscribed to general interest groups. One hour after adding people to each profile, the circle of friends enlarged with 23 connections for the first profile, 47 for the second profile and 53 for the third profile.
After joining social games groups, the volume of users willing to add unknown people drastically increased. Within 24 hours, 85 users accepted a request from the first profile, 108 from the second and 111 from the third.
�Users are more likely to accept spammers in their friends list when they are in a social network than in any other online communication environment,� said George Petre, BitDefender threat intelligence team leader and author of the case study.
The security implications are numerous, ranging from the consolidation and increase of the spamming power, data and ID theft, accounts hijacking to malware dissemination. A shortened URL posted without any explanation on each honeypot profile was followed by 24 percent of the friends from the three accounts, even if they did not know who posted it and where was going.
�This fact brings spam and social engineering schemes closer to the user than any e-mail spam or online scam. Moreover, we have seen that in a social applications environment, users can easily be tricked to add spammers to their profile. Thus, we recommend social gaming aficionados use extreme caution before enlarging their circle of friends,� Petre added.
The complete case study is available here.
For more information regarding BitDefender products, please visit www.BitDefender.com. To stay up-to-date on the latest e-threats, sign-up for BitDefender�s RSS feeds here.
MEDIA RELATIONS
[email protected]INDUSTRY ANALYST RELATIONS
[email protected]INVESTOR RELATIONS
[email protected]