Categories



Navigation



ShowCase

Search

Submit Articles

Your articles will be seen by tens of thousands of visitors and RSS feeds subscribers.

Submitted articles are reviewed by our staffs to ensure quality of content on this site. Please do not submit duplicated content.

What are you waiting for? Write an article and promote your site at no cost now.

Submit now















Social Networking Can Hurt Your Bank Balance!!! | Virus

By TedHastings
Total views: 4
Word Count: 1387














Social networking sites, MySpace, Facebook and Bebo, and have climbed in popularity recently. They allow users to keep in contact with their friends and meet new ones, but they can also expose them to viruses, spyware and other online dangers. As the use of Web 2.0 applications, like wikis, blogs and social networking sites increases, they attract the attention of cyber criminals. Many of the people who use these sites are relatively new to the Internet and they can lack experience in dealing with online threats.

The threats described in this article have now been countered by site owners, but new ones will appear in future as attackers develop their techniques in response to improved security. The interactive nature of social networking sites allows them to spread threats very quickly, making them attractive targets. Many of these threats exploit the fact that people trust their friends, without realizing that it is important to treat electronic communications with care, no matter who they seem to be from.

As with other aspects of Internet use, threats can be split into two categories: behavior-based and technology-based.

Threats Posed by Behavior

Behavior-based threats exist because users are not careful enough about the personal information they share online and make themselves vulnerable to phishing attacks and identity theft. Users can publish information about their friends, their likes and dislikes, their jobs and hobbies, totally oblivious to the fact that that this information is eagerly sought by identity thieves as it can help them improve their credibility.

After carrying out research on a random sample of Facebook users carried out by Sophos, an IT security company, showed that 41% were prepared to give out personal information like as email address, date of birth and phone number to a complete stranger. The researchers created a fictitious Facebook profile for a green plastic frog named Freddi and sent out 200 friend requests to random users all over the planet. 87 of the users contacted replied and 82 of them supplied personal information, like email addresses, date of birth, details about their education or workplace, address and phone number, as well as photos of friends and family and information about partners, hobbies and likes and dislikes.

Research carried out in 2007 by Internet Safety website Get Safe Online, showed that one in four UK social networking users had posted confidential personal information, such as their phone number or address on their profiles. 13% of users had posted information or photos of other people online without their consent. This figure rose to an alarming 27% among 18-24 year-olds.

Social networking sites can be the source of threats other than phishing. Eleven students at a high school near Toronto were suspended after posting comments about their principal on Facebook after the school enforced a district ban on electronic devices and announced it would impose a uniform policy. A school spokesman that the comments posted on Facebook amounted to cyber-bullying and described them as vulgar and profane.

There have been several stories claiming that young girls have been raped by older men who encountered them via MySpace or Facebook, but none of these appear to have been conclusively proved. The real problem is that social networking sites offer an opportunity for men to meet young girls in an unsupervised environment, something which should be of grave concern to parents.

Technology-Based

Social networking sites can also be a source of technology-based threats. They allow millions of users to post content, so it's fairly inevitable that some of these will be malicious persons attempting to post viruses or spyware.

At the beginning of 2008 more than three million Facebook users were infected with spyware in less than four days. A widget named "Secret Crush" or "My Admirer" is thought to have been downloaded by one and a half million users. It claimed that it would tell users who had a secret crush on them, but actually tricked them into downloading the infamous Zango spyware, which spread by asking unsuspecting users to forward it to five friends.

Anti-virus vendor Symantec has claimed that vulnerabilities which could be used by hackers to take control of Windows PCs have been found in ActiveX controls offered to users for uploading images to their pages by both Facebook and MySpace. The insecure controls are based on an ActiveX control named Image Uploader, produced by Aurigma Inc.

Towards the end of 2005, 19-year old Samy Kamkar wrote a worm that infected more than a million MYSpace users and caused the site to shut down. The Samy worm added a million friends to his profile within a few hours, adding the string "but most of all, Samy is my hero" to each of their profiles. Kamkar was later sentenced to three years probation and made to perform 90 days of community service.

In January 2008 a 17-gigabyte file containing more than half a million pictures obtained from private MySpace profiles appeared on BitTorrent, a well-known peer-to-peer file sharing service. This is biggest privacy breach to date on a social networking site. It was made possible because a security vulnerability, first reported in Autumn 2007, allowed hackers to access the photo galleries of some MySpace users who had set their profiles to private. This is the default setting for users aged under 16. This attack allowed pedophiles and voyeurs to target vulnerable 14- and 15-year-old users.

Brazilian users of Google's Orkut application were attacked in December 2007 by a worm that attempted to take control of their computers and steal their bank account details. It spread via booby-trapped links placed on the personal page of Orkut users and infected users when they viewed messages that came from friends who had already been exposed.

This loophole was closed quickly, but another worm, called Scrapkut, appeared on Orkut early in 2008. It seemed harmless at first, but it was soon discovered that it could intercept login sessions at several Brazilian banking Web sites and replace components with a fake authentication prompt which could capture the users' logon credentials.

YouTube has also been used indirectly to infect sites with malware. Many Internet users have received spam messages asking them to click on an attached YouTube video clip. The link actually takes them to a fake YouTube sight where they are told that they must install Adobe Flash Player to play the video. Clicking the supplied download link causes a file called install_flash_player.exe. This is the same name as the real Flash installer, but it actually installs a Trojan known as Trojan-Dropper.W32/Agent.

Countering Threats

We've looked at some of the dangers that you can encounter on social networking sites, but what can you do to protect yourself against them? Technology-based attacks can be generally be prevented by the usual software defenses. Anti-virus software will protect you against viruses, Trojans and worms and anti-spyware programs will protect you against spyware and adware. A good-quality firewall (remember that the one supplied with Windows XP is very basic) will protect you against hackers and Internet safety suites will protect you against a variety of threats.

Behavior-based attacks, which rely on persuading users to behave in an unsafe manner, are more difficult to deal with as they can only be countered by a change in user behavior. The Get Safe Online website provides a number of guidelines for networking safely, including the following:

Don't allow peer pressure to push you into doing something you're uncomfortable with.

Avoid posting information that could identify you, such as telephone numbers, photos of your home, workplace or school, your address, date of birth or full name.

Avoid including personal information in your username, eg: use dancing_girl33, rather than jane_brown.

Set up a free email account (eg: Yahoo or GMail) that doesn't resemble your real name and use that to register and receive mail from the site.

Use a strong password.

Don't make comments or post pictures that could prove embarrassing later.

Use the privacy features on the site to control access to your profile.

Beware of phishing scams.

If you ensure that your software defenses are strong and up-to-date and follow the above guidelines you should be able to enjoy surfing on social networking sites without problems.

Parents of young children should ensure that they are not allowed access to the Internet in an unsupervised environment. Even with older children they should try to keep an eye on their Facebook or MySpace profiles and watch out for any changes in behavior which may indicate that they are encountering online problems.

About the Author

Ted Hastings has many years of experience of IT and education. He has written a textbook on Internet Safety Skills and writes a regular blog entitled Surf Safely.

Rating: Not yet rated

Comments

No comments posted.

Add Your Comment

To leave a comment, please log in first.

You are here Articles > Health > Virus