3 ways to protect yourself from social networking malware
Spammers and virus creators have found a new path into your PC: social networks such as Facebook and MySpace.
CIO - As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent Web sites and deploying malware throughout their computers and networks, according to a a new report by MessageLabs.
While spamming via e-mail services remains prevalent, "spammers see social networks as the new horizon," says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a Web site in a box that says "Are you a human?"
Luckily, if you're wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.
1. Re-do your password: It's probably not strong enough.
Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling "male enhancement drugs."
In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.
Sergeant says not only should users be wary of phishing schemes, but also of the fact that research indicates spammers are able to guess passwords. He suggests beefing up your password with unpredictable letters, phrases and numbers. At CIO, we recommend checking out this helpful password how-to from our sister site, CSO Online.
2. Watch those third-party applications.
Facebook has built an ecosystem of third-party applications, from games to widgets. But some apps have been shown to be completely fraudulent. Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).
While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it's hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, Sergeant says, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).
These apps tend to pander to basic human curiosities. A common example: "Jane has written some personal information about you! Click here to find how what she said!"
Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.
3. Beware of user-generated spam.
Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people's comment threads, for instance, and chime in with links that, if clicked on, will install malware.
For example, if you post a news story, a spammer might comment, "I blogged about this and check out this link." This can be trickier to decipher than a spam-based e-mail, since the participant looks fairly genuine about participating in the discussion on the surface. In fact, the comment might be left with your friend's name on it if his or her account was hijacked.
"It enables spammers to post blog comments on the pages of other contacts and allows them to send messages from the phished accounts to other contacts," the MessageLabs report says.
In other words, if it doesn't sound like your friend who left the comment, it very well might not have been. Check with that person directly before you click on the link (especially if you don't recognize the URL as a household name).
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts