Trend Micro Consumer Newsletter | Security Tips, Tricks, and Updates April 2010      

How Cybercriminals Invade Social Networks

Social networking has grown from a niche fad among tech-savvy kids into a full-blown Internet phenomenon—and don't think that hackers haven't noticed. Several new attacks use Facebook and other social networking sites in order to infiltrate not only private individuals' computers, but also their work computers and corporate networks.

A recent piece of malware was spread when a Facebook user clicked on a link that appeared to be from a work colleague. The message referred to an actual event that both had attended, so the user thought there was no harm in clicking the link to see photos.

Unfortunately, the message hadn't come from her colleague at all; it came from a hacker who'd done just enough research to be able to impersonate him. And with a click of the link, the user's computer was infected. Soon enough, the hacker used her company login to infiltrate the network of the financial firm where she worked and eventually was able to control two servers.

Another Facebook-related attack spreads through regular email instead of Facebook's internal email. The message says that the recipient's password has been reset and they need to click on an attachment to get their new login. The attachment downloads several types of malware, including a password-stealing program. (For more details, read our blog post.)

Social networking-based attacks can do serious damage to individuals' credit and identities, but they can also wreak havoc on the social networks themselves. If administrators need to take down the servers on a very active site in order to prevent a virus from spreading, they're sacrificing a lot of potential user interaction-and a lot of potential revenue. Additionally, they risk the possibility that people will scale back their activity on the site if it gains a reputation for spreading malware infections.

As a user of social networks, it's often safer to assume that any message with a link in it—even if it appears to be from somebody you know—is not to be trusted. Mouse over links and check in the status bar of your browser to see if the link directs to where they say it will go. That means if you get a message that says, "Check out this YouTube video!" but the address in the link doesn't point to YouTube, ignore it. Ditto any message that's suspiciously generic. "Look at my photos" and similarly vague messages are almost certainly from spammers.

If you have antispam and antivirus protection that uses a reputation service to identify circulating threats, your chances of even receiving that email or clicking through to that malicious site are dramatically reduced. The Trend Micro Smart Protection Network™ uses cloud-based reputation service technology to block threats before they even have a chance to reach you-which keeps you safer, and reduces demand on your own computer's resources.

Threats Around the World—Are You Protected?
Certain areas of the world are just hotbeds of cybercriminal activity—and right now, Ukraine's an even bigger problem than Russia. The FBI recently began embedding agents in the Ukraine, as well as Estonia and the Netherlands. Trend Micro researcher Paul Ferguson recently told ComputerWorld, "It's encouraging that they have someone embedded [in the Ukraine]. I hope it's more than just a token presence."

The FBI is trying to work more closely with international police following a successful operation in Romania several years ago. More recently, they helped shut down the Spain-based Mariposa botnet. Mariposa was run by several men with no prior criminal activity and no particular knack for computer hacking; their botnet was based on the Butterfly botnet kit, which is readily available online.

Now that it takes little more than a simple download to become an international cybercriminal, cooperation among international law enforcement authorities is an absolute must. And for users everywhere, it means you can't take your own computer security for granted. Make sure your antivirus software runs regularly. If you use Trend Micro products, the Smart Protection Network already protects you from file-, Web-, and email-based threats by detecting and blocking threats before they have a chance to reach you.

< Back to main page

How Safe Is Your Smartphone?

While malicious viruses, worms and spyware continue to plague unprotected computers and laptops, your smartphone may not be as safe as you think it is.
Read more >      
© 2010 by Trend Micro Incorporated. All rights reserved.