December 11, 2013 | By Dancho Danchev

How cybercriminals efficiently violate YouTube, Facebook, Twitter, Instagram, SoundCloud and Google+’s ToS

With social media now an inseparable part of the marketing budget of every modern organization, cybercriminals have quickly adapted to the buzz and, over the last couple of years, have persistently supplied this market segment with boosts to social media performance metrics, in the form of bogus likes, dislikes, comments, favorites, subscribers, and video/music plays. This process relies on either automatically registered accounts, made possible largely by the massively undermined CAPTCHA bot-versus-human verification practice, or on the persistent data mining of malware-infected hosts for social media account credentials. It continues to scale, allowing both individuals and organizations to superficially boost their social media reputation. In this post, I’ll discuss a recently sampled service of this kind, offering an unlimited number of likes, dislikes, comments, favorites, subscribers and video/music plays, that’s monetizing either automatically registered accounts, compromised legitimate accounts, or, as we believe they’re doing, a mix of both in an attempt to meet the demand for their services.

Sample screenshots of the service’s offerings:

[Screenshots of the service’s offerings not reproduced here]

Not only do such services violate the Terms of Service of the targeted Web properties, they also deny those properties revenue streams and potentially undermine a core assumption of the service, namely that each authenticated account corresponds to a legitimate human. With more services offering access to compromised social networking accounts popping up on our radar, in combination with commercially available, API-supporting, CAPTCHA-bypassing automatic account registration tools, we expect that cybercriminals will continue monetizing this persistent and efficient abuse of social networks’ ToS.

We advise users to be suspicious when receiving social media content from an entity they didn’t opt in to receive updates or content from (a sign of a possibly compromised account that has been abused by the type of service discussed in this post), and to enable two-factor authentication, in addition to any other security measures offered by the social network in question.
