Telling Friends from Dangerous Foes in Social Network Security Maze

by Brian Prince

Koobface has emerged as perhaps the most notorious worm affecting social networking sites. Variants of the worm have touched down on Facebook, MySpace and other sites such as hi5. Recently, the minds behind the malware discovered a way to automate the registration process for Facebook, as well as the process of adding friends and leaving messages with links to sites with malware on their Facebook walls.

Spammers dont just use e-mail. They also use the messaging functionality of social networks to send out links to various sites, particularly sites with adult content. Earlier this year, researchers at AVG Technologies reported finding evidence that attackers circumvented Facebooks CAPTCHA technology in order to automate the creation of accounts and use them to spam out links to sites hosting rogue antivirus programs.

Facebook uses a number of techniques to fight spam, including monitoring user activity for irregularities, such as a high number of rejected friend requests. One way Facebook fights spam from phished accounts is by detecting suspicious logins—if someone appears to be logging in from an unfamiliar location for example. If a user believes his or her account has been compromised to send spam, they should immediately reset their password and run an antivirus scan.

Phishers take advantage of the popularity of sites like Twitter and Facebook by spamming out links leading to phony versions of the sites. A recent example of this is a scheme observed by Sophos in October where Twitter users were receiving links that led to a phony Twitter login page.

For businesses worried about their employees who use social networks, the best defense against phishers is education. Consider showing employees real phishing e-mails so they are familiar with the tactics phishers use.

The success of Twitter has made URL shortening services like Cligs and TinyURL extremely popular. Spammers have taken notice. Earlier this year, Symantecs MessageLabs reported the Donbot botnet was responsible for a spike in spammers abusing URL shortening services. During a three-day period in July, spam containing short URLs went from virtual nothing to 2.23 percent of all spam—some 3.5 billion spam messages a day.

The ability of users to upload content and design is something by its very nature that is going to challenge security. When Facebook receives reports about vulnerabilities in third-party applications, the site notifies the developers, and may disable or sandbox applications until the issue is corrected. In the meantime, developers should make sure they check their applications for common vulnerabilities, and users should stay wary.

One of the most difficult issues to solve is the problem of people creating fake profiles. These profiles can be used to lure unsuspecting victims. For example, McAfee noted an uptick of fake LinkedIn profiles in January that hosted links leading to malicious sites.