Inside a Facebook botnet

How easy is it to get a Facebook botnet to do your bidding? All you need is cash, the right software, and a list of fake accounts. I did it in 10 minutes for less than $70.

Miami-based Hey Dude Skin Care is on a mission to help men get “dudified” by taking control of their personal grooming. Like a lot of small businesses, it uses a Facebook page to promote its services. Within a relatively short time Hey Dude’s page, filled with photos of bikini babes and body builders, has garnered more than 11,000 fans.

But most of those fans are unlikely to get dudified any time soon, because most of them don’t really exist. Hey Dude’s Facebook numbers have been artificially inflated by a network of zombie accounts run by a bot master.

According to Hey Dude’s Facebook Likes page, exactly one person was talking about the site on May 13. Two days later, 7,763 people were talking about it. The current number is now over 10,000. The most popular city for Hey Dude fans: Dhaka, Bangladesh – not exactly commuting distance to Miami Beach.


Hey Dude is just one of dozens of pages I’ve found over the last few days that experienced a similar surge in Likes, all of them linked to the bot networks I wrote about earlier this week. Over the same period Micrositez, a digital marketing company based in Florida and the UK, went from 38 fans to 3,264. Rent My Vacation Home, a DC-based rental agency, went from two fans to nearly 15,000. Armadale Vodka went from 0 fans to more than 3,000. At least 70 other businesses and fan pages scattered around the globe were also beneficiaries of the same botnet.

In each of these cases, fake accounts created in Bangladesh and operated by an unknown entity began flooding the pages with Likes, most likely by using a $50 piece of software called Codename:Like (which was also endorsed by all of these zombies).


Codename:Like is essentially a script that logs onto a fake account, finds the target page you want to promote, and clicks the Like button on that account’s behalf. It then goes on to the next fake account and repeats the process as often as you like. To keep Facebook’s security tools from detecting the bot, you can limit the number of likes it will issue at one time or add delays between the clicks to make them seem more human.

Spend a little more money and you can get versions of Codename:Like that let you use proxies, fool Captcha programs designed to thwart bots, and add fake friends and subscribers.

I used the free two-day demo version and purchased 100 fake Facebook accounts for $20 from BuyAccountsNow, a site registered to an address in Islamabad, Pakistan, that is recommended inside a Codename:Like readme file. I then applied some new likes to my personal Fan Page on Facebook.

These fake accounts were even more amateurish than the ones I wrote about earlier this week. They were all issued to randomly generated hotmail addresses like ttbq035051@hotmail.com, and aside from the photos and different Filipino surnames they appear to be identical.


But no matter; to Facebook they were as legit as any flesh and blood fans.
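The traits described above (a sudden jump in activity, fans concentrated far from the business, machine-generated email addresses, near-identical profiles) are the ones a page owner or platform analyst can check for. The following is an added example, not code from the article or from Facebook: the field names, thresholds and fan records are constructed assumptions, and only the two May counts come from the figures quoted above.

```python
import re
from collections import Counter

# Local part shaped like the article's example address: 4 letters + 6 digits.
GENERATED_LOCAL = re.compile(r"^[a-z]{4}\d{6}$")

def surges(observations, factor=50):
    """Return (earlier, later, ratio) for consecutive counts that grow >= factor times."""
    out = []
    for (d0, c0), (d1, c1) in zip(observations, observations[1:]):
        ratio = c1 / max(c0, 1)          # avoid dividing by zero for new pages
        if ratio >= factor:
            out.append((d0, d1, ratio))
    return out

def audit_fans(fans, home_city):
    """Measure a fan sample against the sock-puppet traits the article lists."""
    n = len(fans)
    generated = sum(
        bool(GENERATED_LOCAL.match(f["email"].split("@")[0].lower())) for f in fans
    )
    top_city, top_n = Counter(f["city"] for f in fans).most_common(1)[0]
    # Profiles that match once name and photo are ignored share one "about" text.
    _, clones = Counter(f["about"] for f in fans).most_common(1)[0]
    return {
        "generated_email_share": generated / n,
        "top_city": top_city,
        "geo_mismatch": top_city != home_city and top_n / n >= 0.5,
        "cloned_profile_share": clones / n,
    }

def flags(report, threshold=0.5):
    """Names of the signals that cross the (assumed) threshold."""
    hit = [k for k in ("generated_email_share", "cloned_profile_share")
           if report[k] >= threshold]
    return hit + (["geo_mismatch"] if report["geo_mismatch"] else [])

# "Talking about" counts quoted in the article for Hey Dude.
HEY_DUDE = [("May 13", 1), ("May 15", 7763)]
# Constructed fan sample: four puppet-like records and one ordinary one.
FANS = [
    {"email": "qwer123456@example.com", "city": "Dhaka", "about": "music, movies"},
    {"email": "zxcv654321@example.com", "city": "Dhaka", "about": "music, movies"},
    {"email": "asdf000111@example.com", "city": "Dhaka", "about": "music, movies"},
    {"email": "hjkl222333@example.com", "city": "Dhaka", "about": "music, movies"},
    {"email": "sam.rivera@example.com", "city": "Miami", "about": "surfing, grilling"},
]

if __name__ == "__main__":
    print(surges(HEY_DUDE))
    print(flags(audit_fans(FANS, home_city="Miami")))
```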

Who was using Codename:Like on behalf of all these sites? That’s the 64 million fan question. And none of the businesses I contacted for this post were willing to talk about it.

At press time Hey Dude had yet to respond to several contact attempts. Micrositez and Rent My Vacation Home both denied using bots, but could not explain how their pages managed to become so popular so quickly. A representative from Armadale Vodka said he knew nothing about any botnets, added that his firm had engaged an outside marketing firm, but declined to name it. He then directed any further inquiries to his attorneys.

My best guess: There’s a black hat social media marketing firm promising miracle results and using botnets to deliver on them, and these firms bought into it. It’s a stupid strategy that will fail disastrously in the long term. Pretending your pages are popular when in fact no one is visiting them is certainly deceptive, if not illegal. Accessing pages using automated means such as bots is a violation of the Facebook Pages terms of service. Eventually even Facebook is likely to figure out what’s happening, at which point you could find yourself and/or your business booted off the network.

Look for more about the dangers posed by Facebook botnets, and what Facebook is doing about them, in a future post.

UPDATE: Shortly after this story posted I heard from a representative for Hey Dude Skin Care. She sent me the following statement:

"Hey Dude Skin Care is an emerging men's grooming brand. The company fell victim to an outside social media agency. Hey Dude's expectation was that said agency would identify new and relevant followers for the brand. The company's management is shocked to learn that the methods used by this outside agency to obtain followers/likes are based on dubious techniques. The methodology for obtaining followers was never shared with Hey Dude. Hey Dude will neither employ this agency again nor use others who practice similar methods."

Got a question about social media? TY4NS blogger Dan Tynan may have the answer (and if not, he’ll make something up). Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter: @tynanwrites. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.
