Social Networking's Security Pitfalls: How You Can Go Oh So Wrong with Facebook, LinkedIn and MySpace
The social networking world of Facebook, LinkedIn and MySpace is a veritable minefield of places where a misstep can mean dire consequences--from data harvesting to loss of reputation to fraud--for the unfortunate user.
There's even a booming market in "friends" and connections—those with misdeeds in mind can come to certain hacker forums and say they want to meet a particular person, and it will be done, for a price.
In fact, says Golovanov, in 2008 Kaspersky received well over 20,000 malware samples that attack social networks in some way—that's close to 100 per day!
One particularly nasty item he's spotted hacks an account and starts making posts in forums in the victim's name. The victim, however, can't see these posts, so could get kicked out—or worse—without ever knowing why.
The business of perpetrating these attacks is huge. According to Golovanov, there are specialized teams built out to attack and process information from social networks, including coders who write the malware, those who run the servers, those who sell the data collected, and those who actually perform the attacks and gather the data. One group, he says, is doing so well that it employs not one, not two, but three accountants to manage its ill-gotten gains!
Believe it or not, despite all this Golovanov says that these organizations have not yet reached the sophistication of botnets. That will likely happen in 2009. As it is, Kaspersky has seen a doubling in social networking attacks over the past six months, even though malware as a whole has plateaued.
But think about this: Malware targeting online games has skyrocketed—on a bad day, Kaspersky receives 5,000 Trojans to examine (a good day is a "mere" 3,000)—and that, says Golovanov, is where social networking attacks could be heading.
Now, about that eggnog—want to see a funny video?
Receive the latest security news as it breaks.
