This morning, I logged into my Facebook account to see what all of my various friends were up to. Is anyone having a birthday? I shall write on their wall some warm wishes. Is anyone doing anything interesting? Perhaps I could like their status. Does anyone have a clever wall post? Perhaps I can post a witty reply.
I logged in and looked at the notifications. One new friend request. “Hello, what’s this?” I asked. “A new friend? Who could it be?” The one thing about Facebook is that whenever you get a friend request, there’s always this momentary twinge of curiosity that is incredibly difficult to resist. I clicked on the Friends link to see who it was.
I saw who it was and experienced several emotions simultaneously – confusion, disappointment, and intrigue. It was from some random woman that I had never met before who was standing in a seductive pose. The name was not a normal name; it looked Eastern European. It took me about two seconds to figure out that this was probably a social engineering mechanism; an avenue for abuse. The first thing that entered my mind, after the fog cleared, was that this was going to be the basis of a blog post. I clicked Accept.
I then proceeded to check out her profile. She had about 40 friends and there were a bunch of postings on her wall. Her age was about the same as mine, born in the same year but a few months earlier. In her status, there was a message about checking out her website so I decided to follow the link. I had an inkling of where it would take me… but decided to wait the 60 seconds while the page took an eternity to load (yep, in the world of the Internet, I consider 60 seconds an eternity).
Well, the page loaded and much to my non-surprise, I was taken to a porn page. Not Japanese porn, just typical run-of-the-mill spammer porn, the type you would normally see in a spam message. I sighed, rolled my eyes, shook my head and closed the tab. I then went back and defriended the account. I thought to myself “It figures, Facebook is being attacked this way with spammers signing up for profiles, creating them and randomly searching for people through the Friend Finder.” Well, at least it’s nice to know that I was targeted in this way, I hope it’s because I’m so well known in antispam… but the reality is likely that it was merely a chance occurrence.
I should have reported the abusive account to Facebook. Oh, well, better luck/memory next time.
Yes, it's true that nowadays there are a lot of Facebook spams already.
I typically use a command line tool such as curl to analyze a website link. Were you not concerned that in those 60 seconds the site may have attempted a zero-day exploit against your browser and dumped some malware onto your PC? Or did you use a virtual machine you then destroyed?
If you haven't already, have a look at this paper from CEAS 2008 (PDF):
Social Honeypots: Making Friends With A Spammer Near You (http://ceas.cc/2008/papers/ceas2008-paper-50.pdf)