3 ways to protect yourself from social networking malware
Spammers and virus creators have found a new path into your PC: social networks such as Facebook and MySpace.
CIO - As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent Web sites and deploying malware throughout their computers and networks, according to a a new report by MessageLabs.
While spamming via e-mail services remains prevalent, "spammers see social networks as the new horizon," says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a Web site in a box that says "Are you a human?"
Luckily, if you're wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.
1. Re-do your password: It's probably not strong enough.
Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling "male enhancement drugs."
In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.
Sergeant says not only should users be wary of phishing schemes, but also of the fact that research indicates spammers are able to guess passwords. He suggests beefing up your password with unpredictable letters, phrases and numbers. At CIO, we recommend checking out this helpful password how-to from our sister site, CSO Online.
2. Watch those third-party applications.
Facebook has built an ecosystem of third-party applications, from games to widgets. But some apps have been shown to be completely fraudulent. Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).
While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it's hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, Sergeant says, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).
These apps tend to pander to basic human curiosities. A common example: "Jane has written some personal information about you! Click here to find how what she said!"
Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.
3. Beware of user-generated spam.
Social networks like Facebook rely on users to enrich the experience by posting content such as pictures and video (as well as links) and then sharing the content with their contacts. Spam-based social networkers will go to other people's comment threads, for instance, and chime in with links that, if clicked on, will install malware.
For example, if you post a news story, a spammer might comment, "I blogged about this and check out this link." This can be trickier to decipher than a spam-based e-mail, since the participant looks fairly genuine about participating in the discussion on the surface. In fact, the comment might be left with your friend's name on it if his or her account was hijacked.
"It enables spammers to post blog comments on the pages of other contacts and allows them to send messages from the phished accounts to other contacts," the MessageLabs report says.
In other words, if it doesn't sound like your friend who left the comment, it very well might not have been. Check with that person directly before you click on the link (especially if you don't recognize the URL as a household name).
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!