
Spike in Social Media Malware, Phishing Attacks

E-mail scams targeting users of social media sites like Twitter and Facebook are blurring the lines between traditional phishing attacks and those designed to plant password-stealing malicious software on the victim's PC.

For the past week, scammers have been blasting out e-mails that at first glance appear to be run-of-the-mill phishing scams aimed at stealing user names and passwords from Facebook users. The messages urge recipients to "update" their information by clicking a provided link and entering their Facebook user name and password at a counterfeit Facebook login page.


Facebook users who fall for the ruse are "logged in" to the fake Facebook page and then prompted to install a "Facebook Update Tool," which is in fact a copy of the Zeus password stealing Trojan.
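The lure above works because the link's visible text (or a look-alike hostname) says "Facebook" while the page it actually opens lives somewhere else. As an added illustration that is not part of Krebs's post, here is a defender-side mail-filter heuristic for exactly that mismatch; the brand-to-domain allow-list, the sample message and the two-label "registrable domain" shortcut are my own assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Constructed allow-list: the three brands spoofed in the mock campaigns described in the post,
# mapped to the registrable domain a genuine link should land on (assumption, not from the post).
LEGIT_DOMAINS = {"facebook": "facebook.com", "twitter": "twitter.com", "linkedin": "linkedin.com"}

# Pull href and anchor text out of an HTML mail body (simple regex; adequate for a filter heuristic).
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host: str) -> str:
    """Last two labels of the host, e.g. 'login.facebook.com.evil.example' -> 'evil.example'.
    Assumption: no public-suffix list, so two labels suffice for the .com brands used here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(href: str, text: str) -> Optional[str]:
    """Return a reason if the link invokes a brand but resolves elsewhere, else None."""
    host = (urlparse(href).hostname or "").lower()   # '' for javascript:/mailto: style hrefs
    for brand, legit in LEGIT_DOMAINS.items():
        # A brand is 'claimed' if it appears in the visible text or anywhere in the hostname; this
        # catches both 'facebook.com.update-tool.example' and a bare-IP host labelled "Facebook".
        if (brand in text.lower() or brand in host) and registrable_domain(host) != legit:
            return f"link mentions {brand} but resolves to '{host or 'no host'}'"
    return None


def scan_html(body: str) -> List[Tuple[str, str]]:
    """All (href, reason) pairs in the body that classify_link flags."""
    return [(href, reason) for href, text in HREF_RE.findall(body)
            if (reason := classify_link(href, text)) is not None]


# Constructed sample mail body in the shape of the "update your information" lure.
SAMPLE_MAIL = """
<p>Please <a href="http://facebook.com.update-tool.example/login">update your Facebook account</a>.</p>
<p>Or use the <a href="http://198.51.100.7/fb/login.php">Facebook login page</a> directly.</p>
<p>Genuine link for comparison: <a href="https://www.facebook.com/login">Facebook</a>.</p>
<p><a href="https://example.org/unsubscribe">Unsubscribe</a></p>
"""

if __name__ == "__main__":
    for href, reason in scan_html(SAMPLE_MAIL):
        print(f"FLAG {href}: {reason}")
```

Only the two spoofed links are flagged; the genuine facebook.com link and the brand-free unsubscribe link pass.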

A study released in October found that 54 percent of U.S. companies have banned workers from using social networking sites. The author of that survey cites the impact that social media sites can have on worker productivity, but a growing number of businesses are becoming attuned to the potential for these sites to introduce malware into corporate networks, said Rohyt Belani, chief executive of Intrepidus Group, a security consulting firm in New York City.

"When you click a link in a phishing [e-mail] it could be a regular phishing site or it might lead to malware," Belani said. "Companies are being forced to train employees to help protect their networks."

Intrepidus offers the Phishme service, which helps companies test how susceptible their employees are to phishing attacks by sending workers mock phishing e-mails and then recording how many employees take the bait. Employees who fail the test are immediately presented with training materials to help them better spot a phishing scam the next time around.

Intrepidus customers have tried to phish roughly 100,000 employees using social media sites as bait, and so far the initial results are not good: 61 percent of employees clicked links included in mock phishing attacks that spoofed Facebook, LinkedIn and Twitter.

Intrepidus found that on average only 18 percent of employees who fell for the initial phishing test were vulnerable in follow-up tests.

Figures released by Microsoft this week about cyber crime trends in the first half of this year also suggest that Internet users are far more susceptible to phishing and malware scams that use social media sites as a lure. Using the phish filter in its Internet Explorer 7 and 8 Web browsers, Microsoft can track phishing "impressions," or how many times people click through to a known phishing Web site. According to Redmond, May and June saw a massive increase in the number of people clicking through to phishing sites.


This spike also corresponded to a shift in the targets of phishing sites: Microsoft found that the share of phishing impressions at bogus social networking sites grew from about 10 percent in April to more than 70 percent in June.


By Brian Krebs | November 4, 2009; 12:30 PM ET
Categories: Fraud, Latest Warnings, Safety Tips | Tags: phishing, phishme, zeus


Yes, phishing emails are bad... but you can only trust people to do the right thing in the end... Use Common Sense.

What you may want to bring up in a future article is the current trend of malicious websites using popular news article titles to lure people there...

As media websites begin to charge or require people to sign up with them to read the article itself, many people are relying on other "links" to the same article through major portals such as Google or Yahoo. Some of these links are malicious in that they typically reduce your browser window and put up a fake message about your computer being infected.

Your choices are to choose to install their junk (malware) or click on a "No" or the "X" on the upper-right corner... But there is a problem.

Any click to escape out of the window or back up to the previous page, installs the malware anyway!

The only way to stop the browser session safely is to CTRL-ALT-DEL and stop the browser process itself...

Posted by: ProveMeWrong | November 4, 2009 2:49 PM

For me it is easy - I don't have accounts on those social networking sites, so it is pretty easy to ignore them.

Ultimately it comes down to a question of trust. Whom do you trust? When you get a popup message on your computer, do you trust it, or do you regard it with suspicion? The bad guys are always trying to come up with new tricks to coax people to download their junk, so the answer for what you can trust now won't be the same as what it would be 6 months from now.

In an unrelated note, I picked up a netbook over the weekend and installed Ubuntu. I have had it with Microsoft. I suggested to my wife that we put Ubuntu on her PC, but she needs to use Office for work related stuff :-(.

Posted by: jackrussell252521 | November 4, 2009 8:05 PM

@jackrussell -- you know about OpenOffice, right?

Posted by: BTKrebs | November 5, 2009 12:13 AM

Anything you can do on a PC, Ubuntu can do... You just need to get familiar with the Linux based application names and locations to download them for FREE ;)

Posted by: ProveMeWrong | November 5, 2009 7:22 AM

There is something on Yearbook called "" that states that it is a malware/virus detection and removal tool. I cannot find any information about it.

Posted by: david_taylor1 | November 5, 2009 9:04 AM

"Microsoft can track phishing "impressions," or how many times people click through to a known phishing Web site."

Is this not funny? MS can track people and they do not tell anyone they are doing so. I am glad I use FF instead of their junk.

Posted by: mmcgrane | November 5, 2009 10:24 AM

@mmcgrane: The browser detects every attempt to click through to phishing sites. If the browser can't detect it, it can't stop it. Thus, if IE detects an impression, someone at least tried to click through to a site that IE detected as a phishing site. MS's report doesn't further differentiate between those who clicked and were warned and decided not to visit, and those who were warned and ignored the warning.

Posted by: BTKrebs | November 5, 2009 10:41 AM

Google the name. The 1st 2 hits are useful.

It's a rogue, but is not "popular".

Posted by: SoloOwl | November 7, 2009 9:47 AM


© 2010 The Washington Post Company