Social network security threats: How to avoid becoming a victim

Summary: Five tips that can help users spot malicious threats via social networks.

Earlier today my ZDNet partner-in-crime Ryan Naraine posted about the latest Facebook worm, which tries to get users to download a malicious codec from a video appearing to be shared through Google Reader.

I have a couple of disclosures in relation to this worm:

  • It was researched and reported by network security appliance vendor Fortinet, which also happens to be my employer
  • I had a bit of a hand in discovering it

I awoke this morning to a Facebook alert from an old coworker that said, "Sommebody uupload a viideo witth you on utubee. you shuold ese." What's interesting is that I didn't initially notice the very poor spelling. I read right through it to the context, and with a bit of hesitation I went to my Facebook inbox (note: NOT from the email -- I logged straight into Facebook through an open browser). I saw in the Facebook note that the site redirected to a Google shared site at what appeared to be a valid URL -- I chanced it (NOT recommended). I didn't touch the video as I immediately knew there was an issue. But I should've realized it sooner.

At that point, I engaged Guillaume Lovet, senior manager of our FortiGuard Global Security Research Team, who led our research efforts. Ryan has all of the details of the worm itself in his blog post, but the point is that no matter your associations, understanding or education when it comes to security or social media, one cannot be too careful.

I asked Guillaume to share five tips that would help curious people who know better and novice users alike spot malicious threats via social networks -- as well as a couple of ways they might protect themselves:

  1. Beware of messages with a link inside. That should first trigger your threat alarm.
  2. In such a case, pause one second and ask yourself if the message you're reading is from who it claims to be. It's very easy with people you know, because everyone has a "digital voice" of his/her own, a writing style that cannot be imitated by worms. Yet.
  3. A lot of the social engineering sleight of hand used by social networking sites relies on teasing the victim into watching a video. Keep in mind that online videos share a very common format (i.e. Flash), so if you can normally see flicks on YouTube or DailyMotion, you won't ever need any additional plugin or codec. Most importantly: codecs which come in the form of executable setup files are, in this context, Trojans.
  4. Don't browse the Web with a system that's not up-to-date with security updates. Often, those malicious end-points carry some web-browser exploits that will actually push the Trojan onto your system without your knowledge, let alone your interaction. This won't happen if your browser is up to date. You may prefer alternate browsers for that purpose, hence reducing the exploit surface in your gear.
  5. If you failed somewhere, or if the malicious site exploited some un-patched flaw in your browser, antivirus gear may very well save you. A combination of antivirus and Web content filtering would create stronger protection, as if the malicious site is blacklisted on the Web filtering part, antivirus may not be needed to make the attack fail, but it is always good to have both due to the increased sophistication of threats.

What other tips can you share?

Update 10/29/08 8:18 a.m.: It appears that the Facebook worm culprits are also trying to leverage Google Picasa the same way they were leveraging Google Reader.

Talkback

6 comments
  • My Link and Attachment Policy

    I love my friends and family, but not enough to risk clicking on anything or opening any attachment that they send. Yes, there are some exceptions, but the people I eTrust don't usually forward me links and attachments anyway. ;-)
    Hilldiggity
  • Patch your apps, too

    http://secunia.com/vulnerability_scanning/online/

    Secunia has a very slick, Java-based scanner that will alert you to any out-of-date apps on your Windows PC, and even provides links to the updates. I use the online version and find it very handy, but the "PSI" version is a more thorough version and will root out the more obscure apps you may have on your PC.

    It's very simple to use and is pretty effective.
    ejhonda
  • RE: Social network security threats: How to avoid becoming a victim

    Simple...don't use these lame sites.
    ths40
    • lame sites

      I wish it was that easy. I avoid Myspace and Facebook but my wife uses both on a daily basis. I warned her not to install, download or click on any links no matter what. Why would you want to join a social network that is full of perverts, liars, spammers, scammers and infested with malware, trojans, and viruses?
      TRIMTI
  • RE: Social network security threats: How to avoid becoming a victim

    Your 5 tips are good advice indeed.
    Sadly, most casual users are not educated enough in the dangers online to take heed.
    Until we somehow get users to pay attention to security, we will not be able to keep these threats to lower rates of infections.
    spywarebiz@...
  • RE: Social network security threats: How to avoid becoming a victim

    I had a similar issue with an email message that I received from a contact on Tagged.com. The message there was "yoour behaviior is so shoccking!" I didn't suspect anything as it was from someone I knew. It opened what appeared to be a YouTube window and prompted me to upgrade my Adobe video player to display the video. What I also failed to notice was the "YuoTube". I ended up with the AntiVir360.exe bug, trojaned in! It took me a week of hard drive scrubbing and task manager filtering to find the culprit: pp2.exe, which went so far as to be memory resident. After re-starting my system, it was back as pp03.exe. It got to be somewhat funny...

    The downside? I operate an online business and this brought everything to a standstill for a freakin' WEEK!!!
    m_paragon@...