3 ways to protect yourself from social networking malware
Spammers and virus creators have found a new path into your PC: social networks such as Facebook and MySpace.
CIO - As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent Web sites and deploying malware throughout their computers and networks, according to a a new report by MessageLabs.
While spamming via e-mail services remains prevalent, "spammers see social networks as the new horizon," says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a Web site in a box that says "Are you a human?"
Luckily, if you're wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.
1. Re-do your password: It's probably not strong enough.
Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling "male enhancement drugs."
In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.
Sergeant says not only should users be wary of phishing schemes, but also of the fact that research indicates spammers are able to guess passwords. He suggests beefing up your password with unpredictable letters, phrases and numbers. At CIO, we recommend checking out this helpful password how-to from our sister site, CSO Online.
2. Watch those third-party applications.
Facebook has built an ecosystem of third-party applications, from games to widgets. But some apps have been shown to be completely fraudulent. Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).
While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it's hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, Sergeant says, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).
These apps tend to pander to basic human curiosities. A common example: "Jane has written some personal information about you! Click here to find how what she said!"
Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.
3. Beware of user-generated spam.
Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people's comment threads, for instance, and chime in with links that, if clicked on, will install malware.
For example, if you post a news story, a spammer might comment, "I blogged about this and check out this link." This can be trickier to decipher than a spam-based e-mail, since the participant looks fairly genuine about participating in the discussion on the surface. In fact, the comment might be left with your friend's name on it if his or her account was hijacked.
"It enables spammers to post blog comments on the pages of other contacts and allows them to send messages from the phished accounts to other contacts," the MessageLabs report says.
In other words, if it doesn't sound like your friend who left the comment, it very well might not have been. Check with that person directly before you click on the link (especially if you don't recognize the URL as a household name).
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!