The news this week that Facebook and Twitter have been hit by spammers using ‘fake friend’ accounts to steal passwords and identities is the latest indication that in 2009 cybercriminals will consider such social networking sites a viable medium for spreading and profiting from crimeware.
Initial signs that this trend would become a reality emerged in May 2008, when the BBC identified how it was possible for Facebook users to have their personal details stolen via a malicious program masquerading as a harmless application that users add to their profile. Several months later Kaspersky Lab detected two variants of the now-famous Koobface worm, Networm.Win32.Koobface.a and Networm.Win32.Koobface.b, which were attacking the social networking websites MySpace and Facebook respectively, transforming victim machines into zombie computers to form botnets.
Social networking sites are easy prey for cyber criminals. On the one hand, users are very trusting of these sites, so they lower their guard. On the other hand, vulnerabilities in these sites are often left open for significant periods of time, making it easy for hackers to take full advantage of security loopholes.
Such trust has always been the key weapon in the cybercriminal’s armoury. A few years ago, this focused on getting naïve consumers to click on e-mail attachments. Next it was getting people to click on links (sent either via email or instant messaging) or download a ‘juicy’ (but malicious) program from a website. In every case the cybercriminal used trust and trickery to encourage people to do what they shouldn’t, without realising it. What is worse now, of course, is that more and more of us have always-on connections and we use lots of online resources for social networking, banking and shopping. The result is that more information about us is now in the public domain and we don’t always take adequate steps to protect this data. For example, many people use the same password for multiple online resources. So when a cybercriminal tricks us once, he may achieve a ‘multiple whammy’ on our data: access to a bank account, an eBay account, a Facebook account, etc.
There are preventative steps that people can take to safeguard themselves from current and inevitable future threats, to ensure that they can continue to enjoy the many benefits that social networking sites and other Internet services bring. Of course, having an up-to-date Internet security solution, such as Kaspersky Internet Security 2009, is the primary defence, followed by other sensible steps such as using a unique password for each account, not using real words, mixing letters, numbers and non-alphanumeric characters, and using a mixture of upper and lower case characters.
Kaspersky Lab produces the ‘Safe Online Guide’, available free at: www.kaspersky.co.uk/safeonline (you can also download a 60-day free trial of Kaspersky Internet Security 2009). The guide provides a useful first step to understanding the potential dangers of being online – and what steps need to be taken to protect against them.