Fraudulent advertisers are behind majority of exploits, Commtouch study finds

Dark Reading Staff, Dark Reading

December 29, 2011

2 Min Read

Affiliate marketing sites are the final destination in three-fourths of all Facebook deceptions, according to a study released yesterday.

According to the Commtouch Internet Threats Trend Report, a year-end synopsis of Internet threats, visitors to these fraudulent Facebook-promoted sites are induced to fill out surveys that generate affiliate payments for the scammers, victimizing legitimate businesses that pay affiliate fees.

Users are induced to click on the scams through a variety of social engineering tactics, such as free merchandise offers, celebrity news, new (fake) Facebook applications, or simply a trusted friend sending a message stating: "You have to see this!" the report states.

After users first click on the scams, malware or malicious scripts are to blame for the further spread of slightly more than half the analyzed scams, the study says. These exploits fall into three main categories: likejacking, rogue applications, and malware or "self-XSS," it says.

In 48 percent of the cases, unwitting users themselves are responsible for distributing the undesirable content by clicking on "like" or "share" buttons, Commtouch says.

"Facebook scammers are out to make money, and affiliate marketing is a rich source," said Amir Lev, Commtouch's CTO, in a statement. "The same social engineering techniques that malware distributors and spammers have been using for years to induce people to open their unwanted mail or click on malicious links are being leveraged within Facebook and other popular social networks for ill-gotten gains."

Besides Facebook threats, the report discusses Web threats, phishing, malware, and spam throughout the year. The content of the report is based on data from Commtouch's GlobalView Network, which tracks and analyzes billions of Internet transactions daily.

Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights