Reuters recently broke the story that the infamous “Zeus” virus has been repurposed. “Zeus” installs malware on personal computers that allow hackers to directly control those PCs, has been repurposed. Cybercriminals have typically used malicious software to commit Internet fraud and identity theft for direct financial gain. They are now finding it much more profitable to use it to force PCs to “like” or follow users, products, and services on social media sites such as Instagram.
According to RSA, the cybersecurity division of EMC Corp., the price for 1,000 bogus Instagram “likes” is now five times higher than the price for the same number of stolen credit card numbers. That number of card numbers can be purchased on hacker forums for as little as $6, while 1,000 Instagram followers costs $15 and 1,000 “likes” is $30.
Why are businesses purchasing these phony endorsements? “People perceive importance on what is trending,” said a senior data analyst with the Internet marketing consultancy WordStream. “It is the bandwagon effect.”
Reuters didn’t specify how much that “bandwagon effect” might be worth to a company. However, the use of fabricated endorsements in advertising certainly isn’t new. In telemarketing, blogging, and print and broadcast advertising, false or misleading endorsements are considered a violation of the FTC Act.
Just as troubling as the potential of these sham “likes” and followers being considered false or misleading, of course, is their connection to the Zeus malware. Simply because Zeus is being used to promote early interest in products or services, RSA warns, does not mean the virus has become merely a spam-server. Computers infected with Zeus can be forced to download other kinds of malicious software. It identifies user passwords and financial information and performs other operations, as well.
Another Internet marketing specialist quoted by Reuters sees the counterfeit “likes” and followers simply as spam. It’s useful in its way, but a practice that can easily backfire on those who use it over-enthusiastically. “It’s fine to do for the first 100,” he explained, to build early interest, “but I always advise stopping after that.”
He pointed to one client who bought 300,000 Facebook “likes” against his advice and ended up damaging its own reputation. “It was just ridiculous,” he told Reuters. “Everybody knew what they were doing.”
What do you think? When companies purchase fake Internet “likes” or followers, is it merely spam or false advertising? Or should it be prosecuted as criminal internet fraud?
Source: Reuters, “Virus targets the social network in new fraud twist,” Jim Finkle, Aug. 16, 2013