Zeus malware rejigged to fake Instagram 'likes'

A computer virus widely used to steal credit card data, known as Zeus, has been modified to create bogus Instagram "likes" that can be used to generate buzz for a company or individual, according to cyber experts at RSA, the security division of EMC.

The number of likes on an Instagram photo are pictured on a mobile device screen in Pasadena, California August 14, 2013. Credit: Reuters/Mario Anzuoni

These fake "likes" are sold in batches of 1000 on Internet hacker forums, where cyber criminals also flog credit card numbers and other information stolen from PCs.

According to RSA, 1000 Instagram "followers" can be bought for US$15 (A$16.44) and 1000 Instagram "likes" go for US$30 (A$32.88), whereas 1000 credit card numbers cost as little as US$6 (A$6.58)

It may seem odd that fake social media accounts would be worth more than real credit card numbers, but online marketing experts say some people are willing to spend heavily to make a splash on the Internet, seeking buzz for its own sake or for a business purpose, such as making a new product seem popular.

"People perceive importance on what is trending," said Victor Pan, a senior data analyst with WordStream, which advises companies on online marketing. "It is the bandwagon effect."

The modified Zeus virus is the first piece of malicious software uncovered to date that has been used to post false "likes" on a social network, according to experts who track cyber crime.

Fraudsters most commonly manipulate "likes" using automated software programs.

The modified version of Zeus controls infected computers from a central server, forcing them to post likes for specific users. They could also be given marching orders to engage in other operations or download other types of malicious software, according to RSA.

Cyber criminals have used Zeus to infect hundreds of millions of PCs since the virus first surfaced more than five years ago, according to Don Jackson, a senior security researcher with Dell SecureWorks.

That the virus is now being adapted to target Instagram is a sign of the rising importance of social media in marketing, and the increasing sophistication of hackers trying to profit from the trend.

Experts say schemes to manipulate social networks are unlikely to go away. Creating fake social media accounts can also be used for more nefarious purposes than creating fake "likes," such as identity theft.

"The accounts are always just a means to an end. The criminals are always looking to profit," said computer security expert Chris Grier, a University of California at Berkeley research scientist who spent a year working on a team that investigated fake accounts on Twitter.

Facebook, which has nearly 1.2 billion users, said it is in the process of beefing up security on Instagram, which it bought last year for US$1 billion. Instagram, which has about 130 million active users, will have the same security measures that Facebook uses, said spokesman Michael Kirkland.

(Reporting by Jim Finkle; Editing by Tiffany Wu and Claudia Parsons)