Spam operators that use bots to support adult services are changing their tactic in order to avoid the detection mechanism of Instagram. Redirects remain the main strategy but come with other tricks to push the user to a specific website.
Bots that survive on the social networking platform follow and expect users to visit the profile and start private conversations. These accounts give Instagram’s protection mechanism little to choose from.
There are no photos or other details except the profile name and a short biography stating that nude pics are available to show the true purpose of the account.
The organism is spaced off with periods between each letter to remain unrecognized by Instagram’s automated activity detection measures.
Satnam Narang of the cyber-security company Tenable says this type of account is intermediary because it does not give visitors a connection to adult content sources.
They are instead linked to another Instagram account with an unbiting bio and a bitly-shortened URL. If this account is dropped, it is likely that there will be another.
The absence of activity-following a specific name pattern-prevents it from being detected by automatic means. Narang found that the campaign’s operator has been active since at least mid-2016 and since then has created nearly 1500 accounts.
The naming convention can be a way to keep track of the campaigns or indicate that several actors are playing the same game.
Not all bot accounts for adult spam follow a pattern for naming. Some of them use the name of a woman and also have some regular photos that do not show adult content. This is another tactic to prevent mechanisms for detection.
Another thing that they have in common is that the photos come with shortened quotations from famous novels. Narang found quotations from the’ Count of Monte Cristo’ by Alexandre Dumas and the’ Game of the Thrones’ by George R.R. Martin.
The investigator calls these “New Accounts” both due to quotes and because they are using a new approach.
The profile information does not contain any links, but the conversation with them shows automated answers that direct the user to a site with adult contents or services.
“The delay between the responses is interesting about these” conversations, “Narang notes, adding that even after 22 hours some responses were received.
In certain circumstances, the bots contact the targets via direct messages for Instagram groups. Spammers will create a direct message chat (up to 32) with as many users as possible and send text that will trigger a reaction.
Some of the sites that are promoted in this way lead to sexual preferences surveys and then to an adult database or webcam page.
To keep users suspects in check, certain operators have created a fake Instagram page which claims that the landing site has been verified and are safe.
Actually, the spammer hosting the “Leave Instagram” page on a controlled domain.
The actors behind these operations seem to be aiming in particular at mobile users since the loading of promoted links from a desktop computer leads to benign online locations. An old article by the Planetary Societies was redirected when a computer was accessed and loaded onto the intended website of the spammer when a mobile device was used.
“While this might be viewed as an effort to thwart examination by a researcher on a computer, there are ways around it for research purposes. However the real intention behind the redirects is likely to ensure that the “lead” is coming from a mobile device and not a computer, to ensure compliance with the adult dating affiliate program guidelines.” – Satnam Narang, Tenable
The human eye has no use in hiding the true nature of such profiles. But there are still plenty of “customers.” One of these shortened links recorded over 1000 clicks, almost all from Instagram users.
With regard to the location of these users more than half are from the United States, while other countries have less than 50 users.
Websites for social networking are the perfect base for spammers and scammers because they have a great pool of objectives. And with over one billion users, Instagram has little reason to believe that such operations are stopped soon.
Despite attempts to automatically identify and stop the sensing on a large scale, certain actors may find a way to get operations undetected; “the only thing that is constant is change, so we anticipate that these tactics will deviate over time, as the match between cat and mouse continues,” Narang says.
Image credit: Bleeping computers