<<<
NEWS FROM THE LAB - Monday, October 4, 2010
>>>
 

 
Voi Paska, Facebook Spam Localized in Finnish Posted by Sean @ 17:57 GMT

Say you're a social media spammer that drives traffic towards CPAlead.com surveys…

What do you do when English speakers are increasing desensitized towards Facebook spam?

Language localization!

We're currently seeing a run of Facebook spam that uses the following subject:

"Voi paska, katso miten k�vi kun is� n�ki tytt�rens� webcam-esityksen"

Facebook Search: Voi paska

It's a Finnish translation of the popular English spam subject:

"OMG, dad catches daughter on webcam"

The spam links to this Page:

Varoitus

After clicking on the confirm button, the user will be asked to click a series of numbered buttons:

Seuraa allaolevia ohjeita jatkaaksesi

This is a form of clickjacking that will result in the link automatically being liked and shared to the user's profile, thus spreading to friends via the News Feed.

Firefox Add-on NoScript provides protection against this type of threat:

NoScript, ClearClick Warning

Here you can see NoScript's ClearClick Warning that the "1" button is actually a hidden "share" button.

NoScript, ClearClick Warning

If the user clicks the submit button, he'll be directed to a website which prompts him to sign up for a promotion in order to prove that he's human (as an antispam measure).

This is the promotion, hosted in the Netherlands:

Voita

Here's the fine print:

Voi_paska_19Euroa

It's a 19� SMS based subscription. Ouch.

And finally, what do you get if you provide your phone number and continue?

Nothing more than a video that you can easily search for on YouTube on your own.

Voi_paska_YouTube

We've reported the Page as spam.

Facebook_Report_Page_Spam

At 17:00 there were 76,000 Page likes. At 20:45 there are 94,000.

Non-native English speakers often feel a sense of security from spam and scams because language localization is rather rare via e-mail. (Especially for an obscure little language such as Finnish.) But it isn't as difficult to localize social media content.

Don't feel a false sense of security. 19� per lead provides spammers a lot of motivation.

Updated to add: 107,000 people clicked on this spam link before Facebook disabled the Page. That is equal to 2 percent of Finland's population! E-mail spam gets no where close to this type of conversion rate.

We're edited the post and have added an image. See this pohttps://www.f-secure.comw.f-secure.com/weblog/archives/comments.html?PostID=00002041">comments for additional information.