Home | News Alerts | Evolving Threats on Social Networking Sites

Evolving Threats on Social Networking Sites

New viruses embarrass, scam users

December 15, 2009

Social network users just can’t catch a break – the many ways in which their accounts can be exploited keep evolving. And now, a recent story in The New York Times highlights the phenomenon of scammers commandeering a whole new generation of computer worms and viruses designed to use our online “friends” against us.

Many of the scams are created by hackers looking to earn money by referring new people to online stores. (Some of those retailers are actually just facades for Web sites designed to steal consumers’ personal information). It’s a variation on the old phishing scam, in which con artists use the brands and personal contacts that people trust to fool them into clicking buttons that download dangerous software.

In with the new

In the old age of phishing, such a mistake might lead to a devastating, though largely private, disaster. But with worms and viruses on social networking sites, your account may suddenly send out hundreds of messages urging your friends, colleagues or customers to buy Victoria’s Secret underwear or check out a site of pornographic photos. The private crisis of having a hacked computer suddenly becomes a very public humiliation.

“When people got viruses on their computers, or fell for scams at home, they were generally the only ones that knew about it and they cleaned it up themselves,” Chet Wisniewski of Web security firm Sophos told the Times. “It wasn’t broadcast to the whole world.”

Like wildfire

Worms and viruses are spreading quickly through social networking sites. According to a study by Sophos, 21 percent of Web users say they have been targeted by a malicious program on social networks. On any given day, one in 500 Twitter links connect to malicious Web sites intended to download viruses, according to Kaspersky Labs, a Russian security firm.

And here’s the worst part: Since they are embedded in social networking sites and not coming through e-mail or Web site links, the new viruses and worms are often immune to antivirus and firewall software. Many victims told the Times that they never even learned that their Facebook account had been hijacked to send out embarrassing messages until someone—in some cases a work colleague—sent them messages asking what was happening.

“You feel like a total idiot,” Jodi Chapman told the Times. She uses Twitter to communicate with hundreds of customers of her environmentally friendly gift store. Her account was hacked to send an I.Q. test to all her contacts. “I was so worried that I had somehow tainted our company name by asking people to check their I.Q. scores,” said Chapman.

Protect yourself now

Right now there’s no software fix for social networking viruses and worms. The only way to protect yourself is old-fashioned common sense. Here are a few steps you can take:

• Think before you click. You haven’t seen your cousin from Missouri in five years. How could he have a Web video of you that you’ve never seen? Answer: He doesn’t, and that’s not your cousin. It’s a hacker trying to trick you into clicking away your identity. So many of us click through the Web so quickly that we wind up on dangerous pages with no idea how we got there. So stay alert, and think before you click on anything that may be suspicious.

• Make a better password. Matt Marquess told the Times that his stolen Twitter password was “abc123.” Don’t do that. Hackers don’t have the time to break sophisticated codes. But a simple password, like only using your name, is like sending identity thieves an invitation.

• Choose your contacts wisely. Your friends may forgive you for sending spam about Victoria’s Secret underwear. Your boss may not.