Web2.0 Spammer @ World: Follow me on Twitter!!!

Alexandru Cătălin CoşoiSenior Researcher / AntiSpam Laboratory BitDefender

Twitter Spam

Blog Spam

Social Networks Spam

Phishing in Romania (2007-2009)

• 2007 – 7 attacks• 2008 – 26 attacks (50% targeting the same institution)• 2009 – 187 attacks already (98% targeting the same

institution)• 2009 – 1’st ½ … anyone want to make a prediction?

Don’t be fooled by randomness!

Now… why would anyone start phishing?

– With the current market turmoil, what's the easiest way to make a small fortune?

– Start off with a large one!

• Quote of the day (from a trader): "This is worse than a divorce. I've lost half my net worth and I still have a wife

• This market stinks so bad…that even Chuck Norris can’t make any money.

Well… I bet not anybody can phish!

Really… it must be more than this!!!

1. Open the yellow pages and pick someone

2. Search his name using a social media search-engine

3. If any SN profile found1. Download images, posts, comments, friend

2. Create a phishing attack customized for this exact person.

3. Continue with his friends

4. Complicated? Too much work? Dial 1-800 BOTNET for an army of computers to do this for you

PS: (success comes when the victim has profiles on more than one social network)

Questions?