Social Networking Accounts Prized By Cybercrooks
Cyber criminals increasingly are moving away from trying to break into computers directly, choosing instead to target Internet users where they spend much of their time online -- at social networking Web sites, new data suggests.
In an analysis of cyber crime activity in the 2nd half of 2007, security vendor Symantec Corp. found that two social networking sites together were the target of 91 percent of U.S.-based phishing Web sites. Social networking sites also were the leading targets of phishing sites located in four other countries listed by Symantec in its phishing Top 10.
Hijacked social networking pages often are used to host malicious software or "malware" directly or to host links phishing or malware sites that are then advertised in messages sent to all of the contacts in the victim's social network.
Why on earth would hackers want to bother stealing user names and passwords for Myspace or Facebook accounts? The answer lies in the very nature of social networking sites, online destinations where individuals regularly interact with friends and acquaintances.
Spreading malware via hijacked social networking accounts is ideal because people are far more likely to click on a link recommended by someone in their close circle of friends than they are a link that arrives in a message from a complete stranger, said Alfred Huger, vice president of engineering at Symantec Security Response.
"The main reason [criminals] are targeting this area so heavily is because most of us take part in them," Huger said of social networking sites. Indeed, four of the top 10 most-visited sites on the Web are social networking sites, according to global Web site rankings by Alexa.
Cyber crooks are still principally out to steal financial and personal data that can be resold to identity thieves or converted into cash. And data-stealing computer viruses remain among the most expedient way to extract that data from victims. Symantec found that 68 percent of the 50 most-frequent potential infections reported by customers involved malware that tried to access things like stored usernames, passwords and financial data.
The shift from hacking the computer to hacking the user can be seen as well in pure malware-based attacks. Symantec found that only 10 percent of all malware samples detected in the second half of 2007 sought to infect computers by exploiting security vulnerabilities in Microsoft Windows or other software. That means that 90 percent of all malware installed on PCs in the last six months of 2007 got there by simply tricking people into installing it themselves.
Spam is another area where social engineering and malware have teamed up to help criminals make major inroads. Junk e-mail made up more than 70 percent of all e-mail communications in the latter half of 2007. While spam is often used to advertise links to malicious software, hardly any actual malware is sent directly via spam these days. In fact, Symantec found that less than two-tenths of one percent of all spam sent in the second half of 2007 contained malicious code.
Rather, today's malware is commonly advertised by spam but disguised as links to content or software applications that the recipient may already want to download, such as a game, an online greeting card, or a media player component supposedly required in order view specific types of online content -- usually videos.
One exceedingly common type of security vulnerability -- a Web site-specific programming error known as a "cross-site scripting" (XSS) flaw -- is increasingly being abused by malware writers and phishers to help exploit the trust people place in social networking and other well-known Web sites. XSS flaws occur when legitimate sites accept input from the user -- usually from something like a search box or e-mail form -- but do not properly filter that input to prevent the injection of potentially malicious instructions.
Such flaws allow an attacker to craft a Web link that, when visited, uses the vulnerable Web site to load or display content from a malicious site. When used in malware attacks, XSS flaws can help attackers make unfamiliar links appear to belong to high-profile sites that the user recognizes and trusts. Phishers can use XSS holse to craft links that, when clicked, display the name of the trusted site in the address bar of the victim's Web browser while displaying a fake login page served from a Web site controlled by the attackers.
In the first half of 2007, security researchers identified nearly 7,000 sites that contained cross-site scripting flaws. In the last six months of 2007, researchers found an additional 11,252 such site-specific flaws, many of them in high-profile sites such as AOL.com, Apple.com, Google.com, MySpace.com and Yahoo.com. Despite the fact that most of these Web site security flaws are posted to a publicly accessible archive site, only 473 of the cases discovered in the last half of 2007 were fixed by the end of last year, Symantec said.
Posted by: brucerealtor | April 8, 2008 1:16 AM | Report abuse
Posted by: brucerealtor | April 8, 2008 1:19 AM | Report abuse
Posted by: victor louis | April 8, 2008 3:15 AM | Report abuse
Posted by: JimGoldbloom | April 8, 2008 8:00 AM | Report abuse
Posted by: Adam | April 8, 2008 9:36 AM | Report abuse
Posted by: Giorgio Maone | April 8, 2008 10:01 AM | Report abuse
Posted by: Bk | April 8, 2008 10:05 AM | Report abuse
Posted by: John | April 8, 2008 10:44 AM | Report abuse
Posted by: Adam | April 8, 2008 3:55 PM | Report abuse
Posted by: brucerealtor | April 9, 2008 4:08 AM | Report abuse
Posted by: antivirkaspersky7 | April 25, 2008 7:16 AM | Report abuse
Posted by: Airline Ticket | May 4, 2008 11:48 AM | Report abuse
Posted by: Cheap Car Insurance | May 4, 2008 11:48 AM | Report abuse
Posted by: valium | May 4, 2008 11:48 AM | Report abuse
Posted by: Barsuk | May 4, 2008 6:07 PM | Report abuse
Posted by: George S Alarcon | May 9, 2008 5:54 PM | Report abuse
The comments to this entry are closed.