Botnets and their business through porn links on Instagram

Laramalone5917 wants to send you a message. His Instagram account is public and he has no posts. He had no follower when he sent me the message, but a week later he was 47 and still 94. In his biography he says that he is from Córdoba and has a main image of a young girl on the beach. When I access the message, it is a group chat with 14 other people. This user, who is the administrator of the chat, sends a link that redirects you to a pornographic page.

If you have an Instagram account, it is most likely that you have received one or more requests similar to Lara’s through a message containing a link. Lara does not exist, she is not a woman, but a botnet, also known as a «zombie army». In this particular case, These are usually accounts whose pattern is to create groups and send a pornographic link automatically, use a username with “name-name-number”, have similar creation dates and all perform an identical activity.

–

The company Avast, a software antivirus, points out that it is «a network constituted by a large number of computers that have been ‘hijacked’ by malware, so that they are available to a hacker. Today, they are considered one of the biggest threats on the Internet and a business that moves large amounts of money per year.

Marcelino Madrigal, a well-known cybersecurity expert, explains that a botnet is a set of accounts that are automated and are created, in most cases, for monetary reasons. “They work to raise money and generate all kinds of cybercrimes, such as phishing, stealing passwords or SCAM (scams through electronic means)”, Add.

These types of fake profiles often use stolen images of models that are constantly repeated. “A botnet often uses a photo of an exuberant woman to speak to you via direct message. They can tell you ‘I’m going to show you some photos of me’. That is very difficult to happen in real life. They try to use the innocence of the people», Details Marcelino.

Botnets have existed on all social networks for years and, according to Marcelino, “the origin is a bit obscure.” «Many of these accounts come from eastern countries and are dedicated to redirecting you through a link to normally pornographic pages in which they distribute malware, which are programs similar to that of a virus that are used to steal passwords or other information. A botnet is not created by four thugs to entertain themselves, but there is always an economic interest involved, “he argues.

Before, in the case of Instagram, it was common to see how this type of fake profiles used to send friend requests or give “likes” to the publications of this social network. We have become accustomed to this happening and we stop wondering who the person behind it is. But now botnets also send you direct messages with misleading links. According to Marcelino, «social media doesn’t pay enough attention to botnets until problems start to arise. Taking into account that the networks know all our data and even place personalized advertising on us, it should be very easy to detect that behind these types of profiles there is no real person. But that means spending resources, money and time to stop it, and they don’t want to do it.

What happens if I click on a botnet link?

I meet with a computer scientist to securely access the link Laramalone5917 has sent me. I click and it redirects me to an intermediary web page called Dateszone. I get a warning: «You are going to see nude photos. Please be discreet. I give “continue” and a questionnaire appears. I answer a series of questions like “Agree to keep the identity of these women secret?”, “They just want quick sex. They don’t want to date. Do you accept this condition? » or “Are you at least 25 years old?” After this questionnaire, I’m redirected to another page: Loveaholics, a dating website. He asks me again to answer a series of questions, but this time asking for gender, sexual preferences, age, address, passwords, marital status and email. They are supposed to ask for this information to create an account and even ensure that they take privacy “very seriously”.

–

You register for free at Loveaholics and access the account. You haven’t posted a single photo and you haven’t been online for a second when you start receiving messages from women. However, they are not real people, but a botnet that sends automatic messages, creating the feeling that there are more real users. The trick is that they talk to you, but don’t let you respond until you sign up for a premium account. Many users end up paying for the subscription and later have problems to be able to unsubscribe from that service. In fact, there are several pages where users are reporting that it is a scam. In addition, in the premium version there are still botnets and they even indicate more profiles in your area than there actually are, because you can see the same girl in Madrid as in Seville or London. The profiles are repeated with the same images, but different names. That is one way to detect them. The irony is that the company assures that it does not allow spamming within their services, but nonetheless they do use botnets to flood platforms like Instagram with affiliate links.

So, you have to be careful with these types of dating or pornographic websites, because, in addition to being scammed, they can steal your data. If we read the terms of service of Loveaholics we find that it collects the following data: the information that is uploaded to the profile (photos and videos), the messages you send through the chat, data of the transactions you carry out, data of other social networks that you link , the location and data related to your use of the site. In these conditions they also explain that they can make duplicate profiles with your data or use your photographs “for advertising and commercial purposes, free of copyright.”

In the “use of your personal information” section they state: “You acknowledge and declare and state that you grant us, our partner sites and groups of companies, a copyright-free, irrevocable, international, non-exclusive and perpetual license to use, copy, publish, display, reformat, translate, distribute the information or content, and grant and authorize licenses to third parties of the same. What’s more, you waive any moral right you may have over said information or content. We may assign or sub-license the above license to our affiliates and successors without their approval.

Likewise, The personal data that this company collects about its users are stored in a “location outside the European Economic Area”, so they do not adhere to the privacy policy of the European Union. In fact, the company assures that cannot “guarantee the security of your personal data”Nor can it ensure that the information they collect may be “used or disclosed in an inconsistent manner” with their privacy policy.

This happens with Loveaholics, but also with more similar pages. If we click again on the link that the botnet sent us on Instagram and we do the questionnaire that it requires, then it redirects you to another page other than Loveaholics. Specifically, it redirects us to Relacionesmaduras.com.

Apart from the problems involved in accessing these websites and links that a botnet can send us, these pages also earn money for each view. They are pages that use what is known as “affiliate marketing”. A botnet draws people to affiliated websites, which are usually pornographic, and then the companies on these pages pay the controller of the pornographic botnet for generating traffic to their website.

However, Marcelino Madrigal says: «The fact that they redirect you to a page to earn some money through that click is the least they can do because, normally, the damages are much greater. We are talking about bank scams or theft of data from the device you use. Those things are what really interest them. He also recommends: «If a person you don’t know sends you a direct message with a link, don’t click because they will surely harm you. The aim of these people is not to play a joke on you, it is purely monetary.

To prevent your computer from being at risk or being compromised by a botnet, Marcelino advises keeping both the operating system, the applications and the antivirus updated.

Users of Instagram or any social network should be skeptical of “likes”, direct message requests or friend requests of any unknown and suspicious profile. And in the event that you find a possible false profile, you have to inform the social network that it is spam. Do not click on links that unknown people send you and, as Marcelino Madrigal says, always use common sense.

– .