Impermium Launches Social Spam Index; Finds That Up To 40 Percent Of Online IDs Are Fake

In June, we covered the launch of Impermium, a young startup aimed at zapping the Internet’s social spam wherever it hides. Not only is the startup bringing the heat to user generated spam like spammy comments, hacked accounts, and fraudulent registrations, but the startup also happens to be founded by Mark Risher, Yahoo’s former “Spam Czar”, as well as former Yahoos Vish Ramarao and Naveen Jamal. These guys have significant experience fighting spam, part of the reason they’ve already signed on investors like Accel Partners, AOL Ventures, Charles River Ventures, Freestyle Capital, Greylock Discovery Fund and Morado Ventures.

But the real fight that Impermium wants to help companies wage is the one against social spam — the spam that is proliferating on Facebook, Twitter, Google+, and social networks near you. As we wrote last month, via Blue Coat’s nifty infographic, malware networks are becoming increasingly dynamic and continue to wreak havoc on search engines, email, and everything in between. Spam, too, is on the rise — and this is no longer your father’s spam.

While Impermium is a web security and spam detection startup first and foremost, Risher said that in this new era of social spam, a new standard is needed. What he means is that, in the days of yore, web security companies held their cards close to their chest — when a new bot, form of malware, or spam was detected, white hats kept these discoveries (and their prescriptions) to themselves, hoping to become the star sheriff (and biggest moneymaking outfit) in town.

More collaboration among web security companies, social networks, and data collectors is no doubt needed, and while this isn’t a call to make all identified spammers, malware creators, and so on known widely to the public (because they’ll just change tactics), a revision of policy certainly seems in order. So, as part of this effort, Impermium is creating a resource for regularly published data on social web spam and abuse trends. Today, Impermium is announcing the inaugural Social Spam Index, which will include quarterly reports based on the data it collects from its customers and daily spam hunting.

The first report is based on a 100-day sample of the social web (between June and August) that analyzed 104 million pieces of user generated content (UGC) on social networks, blogs, and social bookmarking sites from a base of 90 million users across 72 countries. (Impermium currently counts Livefyre, Posterous, Formspring and Bebo among its early customers.)

Impermium’s new index has identified some interest — if not disturbing — trends in social spam that show that web businesses that depend on public user profiles are at significant risk in today’s web. What does that mean specifically? Well, for starters there’s this eye-opening statistic: As much as 40 percent of public accounts created on social networks are fraudulent. This means that many sites are overstating how many users they actually have; though fake accounts ranged from 5 to 40 percent across audited sites, with the percentage depending on the site, perceived value to spammers, and the ease of account registration.

Impermium also found that so-called “sleeper cells” of social web abuse are growing fast. One if its customers experienced an attack of 30,000 fraudulent new accounts in one hour. Those accounts then posted 475,000 malicious messages to legitimate community members.

As this data shows, social media exploitation techniques are evolving fast. Nearly every large consumer brand or significant news event is exploited by spammers on the social web. The deaths of Osama Bin Laden and Amy Winehouse, in particular, became major stories that spammers used to deceive people into clicking on malicious links. Thus, spammers not only target the areas where the most people hang out, but they’re also using emotionally charged content to dupe users into clicking on their spam.

Interestingly, Uggs came in as the most exploited brand in social media channels by twice as much as the next in line, Gucci, and five times more than Prada, number three. And in the surprise of the week, porn is no longer the top source of social spam — fashion and electronics were the top two sources of spammy content, outpacing porn by 3 to 1. This may just show some very interesting trend data in web use — it appears that, for once, porn is the underdog.

And sadly, it also seems that mom and pop shops have been turned and are getting into the spam game. Impermium’s report shows that small businesses have entered into social spam, reacting to the difficult economy by expanding into more illicit areas.

“Most companies will be shocked to see how rampant user registration fraud is on their site”, Risher said. “Bulk accounts for most popular social networks can now be purchased on the black market for pennies. This type of fraud has many significant ramifications, including a company’s ability to accurately value its user base and determine the actual cost of new customer acquisition”.

Rather than play into the real-names-only policy on Google+, the CEO continued, sites need a more flexible approach that maintains privacy without exposing them to this rampant proliferation of fake, bulk accounts.

For more on the Impermium Index’s inaugural results, check out the infographic below. And for more data, visit Impermium’s blog.