Widening attacks related to Facebook and other social media platforms
Throughout 2012, hundreds of millions of users flocked to social networks—and so did attackers. They built creative new social engineering attacks based on key user concerns such as widespread skepticism about Facebook’s new Timeline interface, or users’ natural worries about newly posted images of themselves. Attackers also moved beyond Facebook to attack maturing platforms such as Twitter, and fast-growing services such as the Pinterest social content sharing network.
In September 2012, Sophos reported the widespread delivery of Twitter direct messages (DMs) from newly compromised accounts. Purportedly from online friends, these DMs claim you have been captured in a video that has just been posted on Facebook. If you click the link in the DM, you’re taken to a website telling you to upgrade your “YouTube player” to view the video. If you go any further, you’ll be infected with the Troj/Mdrop-EML backdoor Trojan.
September also saw the first widespread account takeovers on Pinterest. These attacks spilled image spam onto other social networks such as Twitter and Facebook. Victimized users who had linked their Pinterest accounts to these networks found themselves blasting out tweets and wall posts encouraging their friends to participate in disreputable work-at-home schemes.
With 1 billion users, Facebook remains the number one social network—and hence, the top target. In April, Sophos teamed with Facebook and other security vendors to help improve Facebook’s resistance to malware. Facebook now draws on our massive, up-to-the-minute lists of malicious links and scam sites to reduce the risk that it will send its users into danger. Of course, this is only one component of the solution. Researchers at Sophos and elsewhere are working to find new approaches to protecting users against social network attacks.
For example, Dark Reading reported that computer scientists at the University of California, Riverside have created an experimental Facebook app that is claimed to accurately identify 97% of social malware and scams in users’ news feeds. Innovations such as social authentication—in which Facebook shows you photos of your friends, and asks you to identify them, something that many hackers presumably can’t do—may also prove helpful.