2Koobface Versus Facebook
Koobface has emerged as perhaps the most notorious worm affecting social networking sites. Variants of the worm have touched down on Facebook, MySpace and other sites such as hi5. Recently, the minds behind the malware discovered a way to automate the registration process for Facebook, as well as the process of adding friends and leaving messages with links to sites with malware on their Facebook walls.
3Social Networking Spam
Spammers dont just use e-mail. They also use the messaging functionality of social networks to send out links to various sites, particularly sites with adult content. Earlier this year, researchers at AVG Technologies reported finding evidence that attackers circumvented Facebooks CAPTCHA technology in order to automate the creation of accounts and use them to spam out links to sites hosting rogue antivirus programs.
4Stopping Spam in Its Tracks
Facebook uses a number of techniques to fight spam, including monitoring user activity for irregularities, such as a high number of rejected friend requests. One way Facebook fights spam from phished accounts is by detecting suspicious logins—if someone appears to be logging in from an unfamiliar location for example. If a user believes his or her account has been compromised to send spam, they should immediately reset their password and run an antivirus scan.
5Phishers Hook Facebook, Twitter
7Shortened URLs Can Conceal Danger
The success of Twitter has made URL shortening services like Cligs and TinyURL extremely popular. Spammers have taken notice. Earlier this year, Symantecs MessageLabs reported the Donbot botnet was responsible for a spike in spammers abusing URL shortening services. During a three-day period in July, spam containing short URLs went from virtual nothing to 2.23 percent of all spam—some 3.5 billion spam messages a day.
8Third-Party Apps Challenge Security
The ability of users to upload content and design is something by its very nature that is going to challenge security. When Facebook receives reports about vulnerabilities in third-party applications, the site notifies the developers, and may disable or sandbox applications until the issue is corrected. In the meantime, developers should make sure they check their applications for common vulnerabilities, and users should stay wary.
9The Identity Issue
One of the most difficult issues to solve is the problem of people creating fake profiles. These profiles can be used to lure unsuspecting victims. For example, McAfee noted an uptick of fake LinkedIn profiles in January that hosted links leading to malicious sites.