Amazon S3 used by Facebook spammers

Jennifer Scott News
27 Jan, 2012

F-Secure claims the cloud service is being utilised by Facebook spammers facing crackdowns from the social networking site.

Facebook users are subject to numerous survey spam campaigns, but the perpetrators are now taking advantage of Amazon’s cloud services to launch their attacks.

A blog from security company F-Secure today claimed Facebook itself was doing well at weeding out spammers and blocking them from harassing their users.

However, it went on to accuse spammers of using Amazon’s S3 storage to host their fake surveys and urls, enabling the cyber stalkers to still invade Facebook and attract unsuspecting users.

“Using Amazon's S3 file hosting service solves quite a few problems for these perpetrators,” read the blog.

“Number one, Amazon's S3 web service is pretty inexpensive to set up, therefore they can still earn from the surveys. Number two, because Facebook has been pretty successful at blocking suspicious URLs linked to spam, hosting their scam's code in a safe and popular domain such as amazonaws.com gives them a better chance to sneak through Facebook's protections.”

The surveys even use geo-location technology to ensure spam targets the right country for the right marketer, and can go as far as offering fake Facebook pages or pretend YouTube plug-ins.

"We have seen some cloud hosting services abused before, but not like this," Mikko Hypponen, chief research officer at F-Sercure, told Virtual Clouds.

However, Hypponen admitted the cloud giant would be doing all it could to rectify the problems.

"Amazon has a solid security team and they are monitoring their systems to cut down attempts like these," he added.

We contacted Amazon for a reply to the accusations but it hadn’t returned our request at the time of publication.

Sign up for our free newsletter