Social networking sites like Facebook, Bebo and MySpace have soared in popularity over the last few years. They allow users to keep in touch with their friends and make new friends, but they can also expose them to malware and other online danger. As usage of Web 2.0 applications, like blogs, wikis and social networking sites increases, they become more attractive to cyber criminals. Many users of these sites are relatively new to computers and can sometimes be fairly nave regarding online threats.
Many of the threats discussed in this article are historical. They have now been countered by site owners, but new ones will appear as attackers develop their methods in response to improved security. Social networking sites can spread threats very quickly, due to their interactive nature. This makes them very attractive as targets. Many threats take advantage of the fact that people trust their friends, and fail to realize how important it is to treat electronic communications with care, irrespective of their apparent source.
As with other aspects of Internet use, threats can be divided into two categories: behavior-based and technology-based.
Behavior-Based
Behavior-based threats exist because users are not careful enough about the personal information they share online and make themselves vulnerable to phishing attacks and identity theft. Users can publish information about their friends, their likes and dislikes, their jobs and hobbies, totally oblivious to the fact that that this information is eagerly sought by identity thieves as it can help them improve their credibility.
Research carried out by IT security company Sophos on a random sample of Facebook users showed that 41% were prepared to divulge personal information like email address, date of birth and phone number to a complete stranger. The research involved creating a fictitious Facebook profile for a green plastic frog named Freddi and sending out 200 friend requests to randomly-chosen users throughout the world. 87 of the users contacted responded and 82 of them supplied personal information, including email addressed, date of birth, details about their education or workplace, address and phone number, as well as photos of friends and family and information about spouses, likes and dislikes and hobbies.
Internet Safety website Get Safe Online found in 2007 that one in four British social networking users had posted confidential personal information, such as their address or phone number or on their profiles. 13% of users had posted information or photos of other people online without their permission. This figure increased to an alarming 27% among 18-24 year-olds.
Social networking sites can be the source of threats other than phishing. Eleven students at a high school near Toronto were suspended after posting comments about their principal on Facebook after the school enforced a district ban on electronic devices and announced it would impose a uniform policy. A school spokesman that the comments posted on Facebook amounted to cyber-bullying and described them as vulgar and profane.
There have been several allegations that young girls have been raped by older men who encountered them via MySpace or Facebook, but none of these appear to have been conclusively proved. The real issue appears to be that social networking sites can provide an opportunity for men to meet young girls in an unsupervised environment, a situation that parents ought to be very wary of.
Technology-Based Threats
Social networking sites can also be a source of technology-based threats. They allow millions of people to post content, so it\'s inevitable that some of these will be malicious individuals attempting to post malware.
At the beginning of 2008 more than three million Facebook users were infected with spyware in less than four days. A widget named \"Secret Crush\" or \"My Admirer\" is thought to have been downloaded by one and a half million users. It claimed that it would tell users who had a secret crush on them, but actually tricked them into downloading the infamous Zango spyware, which spread by asking unsuspecting users to forward it to five friends.
According to anti-virus vendor Symantec, vulnerabilities which could be used by hackers to snatch control of Windows PCs have been found in a pair of ActiveX controls that both Facebook and MySpace provide to users for uploading images to their pages via Microsoft\'s Internet Explorer (IE) browser. The controls are based on an ActiveX control named Image Uploader, produced by Aurigma Inc.
Late in 2005, 19-year old Samy Kamkar wrote a worm that infected over a million MySpace users and caused a complete shutdown. The Samy worm added a million friends to his profile in only a few hours, adding the string \"but most of all, Samy is my hero\" to all their profiles. Kamkar was given a sentence of three years probation and 90 days of community service.
In January 2008 the biggest privacy breach to date on a social networking site occurred when a 17-gigabyte file containing more than half a million pictures lifted from private MySpace profiles showed up on BitTorrent, a peer-to-peer file sharing service. A security flaw, first reported in Autumn 200, gave hackers access to the photo galleries of some MySpace users who had set their profiles to private, the default setting for users under 16 years of age. This allowed pedophiles and voyeurs who used it to target 14- and 15-year-old users.
In December 2007 users of Google\'s Orkut application based in Brazil were attacked by a worm that attempted to hijack their computers and steal their bank account details. The worm spread via booby-trapped links on the personal page of Orkut users and infected further users when they read messages from friends who had already been exposed.
This loophole was closed quickly, but another worm, called Scrapkut, appeared on Orkut early in 2008. It seemed harmless at first, but it was soon discovered that it could intercept login sessions at several Brazilian banking Web sites and replace components with a fake authentication prompt which could capture the users\' logon credentials.
YouTube has also been used indirectly to spread malware. Many Internet users have received spam messages asking them to click on an attached YouTube video clip. However, the link actually takes them to a fake YouTube site where they are told that they need to install Adobe Flash Player to play the video. Clicking the supplied link causes a file called install_flash_player.exe to be downloaded. This is the same name as the real Flash installer, but it actually installs a Trojan known as Trojan-Dropper.W32/Agent.
How Can You Protect Yourself?
We\'ve looked at some of the dangers that you can encounter on social networking sites, but what can you do to protect yourself against them? Technology-based attacks can be generally be prevented by the usual software defenses. Anti-virus software will protect you against viruses, Trojans and worms and anti-spyware programs will protect you against spyware and adware. A good-quality firewall (remember that the one supplied with Windows XP is very basic) will protect you against hackers and Internet safety suites will protect you against a variety of threats.
Behavior-based attacks rely on tricking users into behaving in an unsafe manner. These are more difficult to combat as they can only be countered by a changing user behavior. The Get Safe Online website offers some guidelines for networking safely, including the following:
Don\'t let peer pressure persuade you to do something you\'re not happy about.
Avoid publishing information which can identify you, eg: phone numbers, pictures of your home, workplace or school, your address, birthday or full name.
Avoid including personal information in your username, eg: use laughing_boy33, rather than jim_brown.
Set up a free email account (eg: Yahoo or GMail) that doesn\'t resemble your real name and use that to register and receive mail from the site.
Use a robust password with eight or more characters.
Avoid saying anything or publishing pictures that could embarrass you later.
Use the site\'s privacy features to restrict access to your profile.
Beware of phishing scams.
If you ensure that your software defenses are strong and up-to-date and follow the above guidelines you should be able to enjoy surfing on social networking sites without problems.
Young children should never be allowed access to the Internet in an unsupervised environment. The computer should be located in a family area, such as a lounge or dining room, not hidden away in a bedroom. With older children you should try to monitor their Facebook or MySpace profiles and be on the lookout for any changes in behavior which might suggest that they are encountering online problems.
Article Source:http://www.articleboy.com
Ted Hastings has many years of experience of IT and education. He has written a textbook on Internet Safety Skills and writes a popular blog entitled Surf Safely.
Please Rate this Article
Not yet Rated
Additional Articles From -
Home |
Computer 
