Cyber criminals imitating social networks to spread malware
May 14, 2009
Social networking websites have become a goldmine of information stored in their databases. This is now a source for some serious fraud, which could be perpetrated on the people who use such sites. The growing popularity of social networking sites like, Facebook, MySpace and Twitter has caught the attention of cyber criminals, who are using such sites to spread malware or frauds.
According to Wensense Security Lab, there is a growing domain-name cloning trend among cyber criminals, who are seeking to take advantage of the huge number of social networking users, particularly Facebook, MySpace and Twitter users.
Criminals are increasingly using domain names that include words like Facebook, MySpace and Twitter, with no official connection to the real sites, to trick unsuspecting users to visit fake websites and lure them to reveal sensitive information or download malicious code.
“These websites are popular – fraudsters are able to target lots of victims, people trust the content on it – because they think it’s from other people in their network and they are easy to compromise because they allow anybody to create and post content," said Charles Renert, senior director, advanced content research, Websense.
Facebook, MySpace and other social networking sites have been the rage of the internet community for more than a year. Following investments by Microsoft and News Corp., the social networking providers are valued in the billions of dollars and are considered blueprints for how to build a website business model.
With online ad spending booming into a nearly $50 billion market this year, there is plenty of money to be had. So, not only cyber criminals or fraudsters, even big-name advertisers are drooling over millions of young, affluent consumers, who are spending more time on their online profiles than in front of a TV set or movie screens. They are particularly smitten with the prospect of tailoring 'content' to people's specific interests.
Traditional web filtering is not enough to protect users from threats on trusted sites, and isn’t enough to keep up with fraudsters generating new URLs almost instantaneously to avoid detection. Only real-time analysis of web content can prevent users from being exploited by this attack, Renert added.
This isn’t the first time Facebook users have been targeted by hackers. In late April, Websense Labs detected a phishing campaign targeting Facebook users. The scam, labeled 'FBStarter' by security researchers redirected users to a phishing page that spoofs Facebook's sign-in page. By entering their user name and password, they give attackers the information necessary to log into their account and spam their friends.
Sites that allow user-generated content comprises the majority of the top 50 most active distributors of malicious content. Over 70% of these sites have hosted malicious code in the last six months, as well as malicious comment spam and the URL and domain-spoofing, as noted in the most recent research. - Yogesh Sapkale