by TedHastings
Social networking sites such as MySpace, Facebook and Bebo have climbed in popularity recently. They allow users to keep in contact with their friends and meet new ones, but they can also expose them to viruses, spyware and other online dangers. As the use of Web 2.0 applications like wikis, blogs and social networking sites increases, they attract the attention of cyber criminals. Many of the people who use these sites are relatively new to the Internet and they can lack experience in dealing with online threats.
The threats described in this article have now been countered by site owners, but new ones will appear in future as attackers develop their techniques in response to improved security. The interactive nature of social networking sites allows them to spread threats very quickly, making them attractive targets. Many of these threats exploit the fact that people trust their friends, without realizing that it is important to treat electronic communications with care, no matter who they seem to be from.
As with other aspects of Internet use, threats fall into two categories: behavior-based and technology-based.
Threats Posed by Behavior
Behavior-based threats arise because users are not careful enough about the personal information they put in their online profiles, making themselves vulnerable to identity theft and phishing attacks. Users often publish information about their friends or workmates, their likes and dislikes, their jobs and hobbies without realizing that this information is valuable to identity thieves as it can help them improve their credibility.
Sophos, an IT security company, carried out research on a random sample of Facebook users which showed that 41% of them would give out personal information such as email address, birthday and phone number to a complete stranger. They posted a fictitious Facebook profile for a green plastic frog named Freddi and sent out 200 friend requests to random users across the world. 87 of those contacted replied and 82 of them supplied personal data, such as email addresses, date of birth, information about their education or workplace, address and phone number, as well as pictures of friends and family and information about partners, pastimes and likes and dislikes.
Research carried out in 2007 by Internet safety website Get Safe Online showed that one in four UK social networking users had posted confidential personal information, such as their phone number or address, on their profiles. 13% of users had posted information or photos of other people online without their consent. This figure rose to an alarming 27% among 18-24 year-olds.
Threats other than phishing can be found on social networking websites. Eleven Canadian high school students were suspended after making comments about their principal on Facebook when the school imposed a ban on electronic devices and implemented a uniform policy. A school spokesman claimed that the comments constituted cyber-bullying and described them as vulgar and profane.
Several stories have claimed that young girls have been raped by older men who first met them via MySpace or Facebook, but none of these stories appear to have been conclusively proved. However, it remains a major problem that social networking sites can offer an opportunity for men to meet young girls in an unsupervised environment, something which should be of great concern to parents.
Technology-Based
Social networking sites can also be a source of technology-based threats. They allow millions of people to post content, so it's inevitable that some of these will be malicious individuals attempting to post malware.
More than three million Facebook users were infected with spyware in less than four days at the beginning of 2008. A Facebook widget called "Secret Crush" or "My Admirer" is believed to have been downloaded by one and a half million users. It claimed to tell users who had a secret crush on them, but in reality fooled them into downloading the notorious Zango spyware. It spread by asking users to forward it to five friends.
According to anti-virus vendor Symantec, vulnerabilities which could be used by hackers to snatch control of Windows PCs have been found in a pair of ActiveX controls that both Facebook and MySpace provide to users for uploading images to their pages via Microsoft's Internet Explorer (IE) browser. The controls are based on an ActiveX control named Image Uploader, produced by Aurigma Inc.
MySpace was forced to shut down briefly in late 2005 after more than a million users were infected by the Samy worm, written by 19-year-old Samy Kamkar. The worm added a million friends to his profile within a few hours, placing the string "but most of all, Samy is my hero" on each of their profiles. Kamkar was eventually sentenced to three years of probation and ordered to perform 90 days of community service.
In January 2008 the biggest privacy breach to date on a social networking site occurred when a 17-gigabyte file containing more than half a million pictures lifted from private MySpace profiles showed up on BitTorrent, a peer-to-peer file sharing service. A security flaw, first reported in Autumn 200, gave hackers access to the photo galleries of some MySpace users who had set their profiles to private, the default setting for users under 16 years of age. This allowed pedophiles and voyeurs who used it to target 14- and 15-year-old users.
In December 2007 users of Google's Orkut application based in Brazil were attacked by a worm that attempted to hijack their computers and steal their bank account details. The worm spread via booby-trapped links on the personal page of Orkut users and infected further users when they read messages from friends who had already been exposed.
This loophole was closed quickly, but another worm, called Scrapkut, appeared on Orkut early in 2008. It seemed harmless at first, but it was soon discovered that it could intercept login sessions at several Brazilian banking Web sites and replace components with a fake authentication prompt which could capture the users' logon credentials.
YouTube has also been used indirectly to infect sites with malware. Many Internet users have received spam messages asking them to click on an attached YouTube video clip. The link actually takes them to a fake YouTube site where they are told that they must install Adobe Flash Player to play the video. Clicking the supplied download link causes a file called install_flash_player.exe to be downloaded. This is the same name as the real Flash installer, but it actually installs a Trojan known as Trojan-Dropper.W32/Agent.
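The fake-YouTube lure above works because the link only looks as if it points at YouTube. As an added example (not part of the original article), the Python code below compares the real host of a link with the domains a brand actually uses, and flags the installer file name from the article when any other host offers it. The trusted-domain lists and the example.test links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: hosts treated as genuine for each brand (illustrative, not exhaustive).
TRUSTED = {
    "youtube": {"youtube.com", "youtu.be"},
    "flash installer": {"adobe.com"},
}
INSTALLER_NAMES = {"install_flash_player.exe"}  # file name given in the article


def host_of(url):
    """Return the lower-cased host, ignoring userinfo, port and trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def is_under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    return host == domain or host.endswith("." + domain)


def check_link(url, claimed_brand):
    """Return a list of reasons this link should not be trusted."""
    reasons = []
    host = host_of(url)
    if not any(is_under(host, d) for d in TRUSTED[claimed_brand]):
        reasons.append(f"host {host!r} is not a {claimed_brand} domain")
    filename = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    if filename in INSTALLER_NAMES and not any(
        is_under(host, d) for d in TRUSTED["flash installer"]
    ):
        reasons.append(f"{filename} offered by {host!r}, not the vendor")
    return reasons


# Constructed sample links (example.test hosts are placeholders).
SAMPLES = [
    "http://www.youtube.com/watch?v=abc123",
    "http://youtube.com.video-clips.example.test/watch?v=abc123",
    "http://www.youtube.com@video-clips.example.test/watch",
    "http://video-clips.example.test/install_flash_player.exe",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link, "youtube") or "ok")
```

The second and third samples contain "youtube.com" in the address yet resolve to a different host, which is why the check compares the parsed host rather than searching the link text.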
How Can You Protect Yourself?
We've looked at some of the dangers that you can encounter on social networking sites, but what can you do to protect yourself against them? Technology-based attacks can generally be prevented by the usual software defenses. Anti-virus software will protect you against viruses, Trojans and worms and anti-spyware programs will protect you against spyware and adware. A good-quality firewall (remember that the one supplied with Windows XP is very basic) will protect you against hackers and Internet safety suites will protect you against a variety of threats.
Behavior-based attacks rely on tricking users into behaving in an unsafe manner. These are more difficult to combat as they can only be countered by changing user behavior. The Get Safe Online website offers some guidelines for networking safely, including the following:
Don't let peer pressure push you into doing something you're not comfortable with.
Avoid publishing information which can identify you, e.g. phone numbers, pictures of your home, workplace or school, your address, birthday or full name.
Choose a user name that doesn't include any personal information.
Set up a free email account (e.g. Yahoo or Gmail) that doesn't resemble your real name and use that to register and receive mail from the site.
Use a strong password.
Avoid making comments or publishing photos which could embarrass you later.
Use the privacy features on the site to control access to your profile.
Be on the lookout for phishing scams.
If you ensure that your software defenses are strong and up-to-date and follow the above guidelines, you should be able to enjoy surfing on social networking sites without problems.
Young children should never be allowed access to the Internet in an unsupervised environment. The computer should be located in a family area, such as a lounge or dining room, not hidden away in a bedroom. With older children you should try to monitor their Facebook or MySpace profiles and be on the lookout for any changes in behavior which might suggest that they are encountering online problems.