Panda Security has exposed a network selling bots which specialise in targeting social networks and webmail systems. The publicly available website contains an extensive catalogue of programs aimed at social networks and webmail services, including Twitter, Facebook, MySpace, YouTube, Friendster, Gmail and Yahoo amongst others.
Each entry explains the reason for which the bot has been created: creating multiple accounts simultaneously on social networks; identity theft and stealing friends, followers or contacts and the automatic sending of messages. According to the page, “All Bots Work in a conventional manner; they gather friends IDs/names and send friend requests, messages and comments automatically.”
“This is another example of the lucrative business that malware represents for cyber-criminals,” warns Jeremy Matthews, head of Panda’s sub-Saharan operations. “While some of the activities the bots are used for are more innocent – such as the creation of accounts – others are specifically focused on fraud, including the theft of identities and photographs.”
Prices range from $95 (R724) for the cheapest bot to $225 (R1715) for the most expensive. The entire catalogue can be bought for $4,500 (R34284). The network guarantees that they will never be detected by any type of security solution, claiming that they have been developed to change users, agents and headers as many times as is necessary to prevent them from being blocked. They also get round CAPTCHA security mechanisms included on many websites so the buyer just has to set the parameters and leave the bots to operate on their own. The bots also include perpetual updates.
The bots are specially adapted for each website, and the list of targets include not just globally popular social networks or communities, but also local sites. On the same portal there is also an offer to earn money by reselling these ‘products’ as an affiliate.
“It is these kinds of models that help to build cyber-mafias and organizations that operate across several countries. We should still not forget, however, that this business exists not just because there are developers creating the threats, but also because there are criminals who are prepared to pay for them. Until we are able to prevent people from defrauding victims in this way, this business model will continue to thrive,” says Matthews.