If you are not familiar with the Twitter diet spam campaign, please read my earlier blog post first. Same campaign is ongoing also on Pinterest. Most likely other social media sites are targeted as well. Just recently similar campaign was spotted on Instagram.
In this post I will explain how to search for “spam pins” on Pinterest by using a domain name. You can first locate compromised web-sites from Twitter by searching e.g. “dr oz helped me lose” – see the screen-shot below:
Lets pick a domain from the first link: “ianharbaugh.com”. if you visit the site, you will notice it is powered by WordPress like many compromised sites. I believe hackers have scanned a big amount of WordPress-powered sites against known vulnerabilities. By using suitable tools, it is relatively easy to install a backdoor – or like in this case, a malicious redirect script – to the website. The websites may have nothing to do with the spam campaign and are most likely victims like many users.
Back to Pinterest: there is one easy way to search for possible spam pins by using a domain name e.g. http://pinterest.com/source/ianharbaugh.com/ – screen-shot is below:
Naturally any pin could be real and non-malicious, originating from a normal website making further checks more difficult, but in this case all pins are spam. Screen-shot of the first pin (posted about four weeks ago):
Spreading spam pins happens easily via “repin” and “like” functions – similar to retweet and favorite on Twitter. After searching for spam pins for about two hours, I think it is safe to say that this spam campaign has been successful also on Pinterest. I have also found many new hacked (WordPress powered) websites.
As noted earlier, many normal Twitter accounts have been compromised for this campaign. It seems same applies to Pinterest. Naturally there are some obvious spam bots involved.
Currently it is not clear how the accounts have been hacked.
Instructions to Pinterest users
If you believe your account has been compromised, change your passwords immediately. Not just on Pinterest: change e-mail, Facebook, Tumblr, Twitter, Instagram etc. passwords. Do not use same password on all services. See also Pinterest Help Center instructions.
Notifying the affected websites
I have sent email two three hacked websites. No responses so far, one email bounced and nothing has been fixed. Some other approach is needed: emailing all admins would take too much time. Website admins might need some instructions, too. Perhaps it is easier to remove all files and re-install WordPress as opposed to deleting malicious files and upgrading all software? I hope some area experts will provide advice on this.
6:15 PM, GMT+2, new spam pins spotted: http://pinterest.com/source/barefootstudio.co.uk/