X

Buying your biz a buzz: Hackers sell fake Instagram 'likes'

The Zeus virus, originally made to steal credit card data, is now being used to create bogus Instagram accounts that can "like" businesses on the popular service -- if those businesses pay for the privilege.

Edward Moyer Senior Editor
Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.
Credentials
  • Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.
Edward Moyer
2 min read
"Our prices are unmatchable! What are you waiting for?" Screenshot by Edward Moyer/CNET

Would you pay $30 for a thousand bogus "likes" on Instagram? Apparently some buzz-seeking businesses would.

Reuters reports that hackers are selling rigged Instagram endorsements, and that to create these supposed indicators of a company's cool factor, they've rejiggered a virus originally designed to steal credit card numbers.

And get this: the endorsements sell for more than the credit card info.

Reuters cites security company RSA in reporting this new use for the Zeus virus -- malware that can be secretly slipped onto millions of computers to create a botnet, or army of "zombie" machines, that can do the hackers' bidding. (Last year, Microsoft launched an effort to wipe out a Zeus-related crime ring that had allegedly ripped off more than $100 million with the help of about 13 million zombie PCs.)

According to an RSA blog item earlier in the week, an unusual variant of the Zbot Trojan malware is being used to create battalions of fake Instagram users that can like and follow a given business or Instagram user and make a new product or personality seem popular.

Fake Instagram endorsements are sold in online hacker forums in batches of a thousand, Reuters says -- with followers going for $15 a batch and likes going for $30 a batch. Credit card numbers reportedly go for as little as $6 a batch.

RSA notes that an online search for "Purchase Instagram Followers" reveals several services that sell these bogus endorsements -- and indeed that's true, with a variety of prices cropping up, along with typical sales slogans such as "Delivery from 24 hr!" and "our prices are unmatchable!"

RSA notes that bogus followers are nothing new (in fact, we reported in a 2011 post that none other than Newt Gingrich had been accused of buying fake Twitter followers) but that this seems to be the first time a Zeus variant has set its sights on Instagram.

An Instagram representative sent us the following statement late Saturday:

We work hard to limit spam on our service, and prohibit the creation of accounts through unauthorized or automated means. We encourage people to report such accounts through the report links we provide in our apps and on our site. We process these reports through our operations team, and this information helps inform our site integrity systems. These technical systems also flag and block potential fake accounts based on anomalous site activity. Additionally, we employ robust systems to address accounts compromised through malware and phishing, which helps keep the number of fake accounts low.

Update, 5:10 p.m. PT: Adds statement from Instagram.