The marriage between social networking and social engineering could be one of the top security threats in 2011. Social engineering is hardly a new issue, but as social networking becomes more mainstream both in the home and in business, it goes to follow that the bad guys will do whatever they can to be one step ahead of users.
According to the folks from Zscaler:
Attacks on end users virtually always involve social engineering – a user must be convinced to visit a web page, open an attachment, etc. Spam email has valiantly served this purpose for many years, but just as everyday users are migrating away from email and toward social networks such as Facebook and Twitter for communication, so too are hackers. This is far from a bold prediction as attackers have been abusing social networks since they first came online. For example, XSS vulnerabilities on Twitter have been used to push malicious tweets, while Likejacking has emerged on Facebook as a means of promoting malicious profiles.
Social engineering schemes will be like this one Sue Poremba stumbled across at MountainRunner.us:
Some colleagues are reporting a phishing expedition to identify and engage Information Operations experts on LinkedIn. They’ve reported invitations from “George W.” who purports to be “Colonel Williams”, an “IO professional” in the DC area.
Invitations, with a number of wording variations, has been received by a number of active duty IO personnel recently. Investigation by several others has shown that the profile is for a nonexistent person.
In Sue’s own professional network, a person was friending everyone, yet no one knew him. Despite that, over 40 people clicked the accept button, so it looked like they had a wide circle of mutual friends. Turns out, the person was a scammer and his account was quickly deleted from the social network. Who knows what his intent was, but it appears he was taken care of before he could do damage. Sue expects to come across many more situations like that in the coming year.
This slideshow features some of the most recent attacks targeting Facebook users.
Click through for nine recent cyber threats targeting Facebook users.
Sophos recently warned about a round of malicious Web links circulating on Facebook that install fake anti-virus software on victims' computers. According to Computerworld, the initial scam purportedly led to a video of disgraced former International Monetary Fund Managing Director Dominique Strauss-Kahn and a hotel maid, but then was switched to a link that was supposed to be an X-rated video of celebrities Rihanna and Hayden Panettiere.
On a PC, the scam instructs the user to install the latest version of Adobe Flash Player in order to watch the video, but actually the software they install is a fake anti-virus program. On a Mac, a pop-up window appears that looks like a security warning. Clicking "fix" installs the fake software that resembles Mac Defender.
In a blog post, F-Secure calls the attack "significant" and explains that it is spreading virally using Facebook's "Like" feature with users in the United States and the UK being most at risk.
According to PCMag.com, all versions of Internet Explorer running on any variant of Microsoft's Windows operating system are at risk of a flaw, dubbed "cookiejacking," in which a user is tricked into copying the text of the cookie file and sending it off to the attacker. The attack could let hackers impersonate victims on password-protected websites, like Facebook and Twitter. However, that attack requires the gathering of bits of information from the unsuspecting user:
First off, the targeted cookie has to be for a site that the user is actively logged into in order for the exploit to have any meaning. The attacker also has to know the target's Windows username as well as the operating system the user's running in order to pull up the cookie itself.
Microsoft is downplaying the flaw, which was discovered by Italian researcher Rosario Valotta. Computerworld quotes Jerry Bryant, group manager with the Microsoft Security Response Center, as saying:
Given the level of required user interaction, this issue is not one we consider high risk in the way a remote code execution would possibly be to users … In order to possibly be impacted, a user must visit a malicious website and be convinced to click and drag items around the page in order for the attacker to target a specific cookie from a website that the user was previously logged into.
According to Computerworld, malware makers and scammers quickly exploited the death of Osama Bin Laden. Anti-virus vendors report seeing links that lead to bogus security software disguised as plug-ins that users must supposedly download to view video, but actually attempts to harvest personal information. There are also Facebook scams using Bin Laden news to extract personal information from users, such as their email addresses.
Sam Masiello, chief security officer at Return Path, says it's only a matter of time before malware-infected spam starts to appear. Masiello advises users to be diligent and not click on links to Bin Laden-related news. Instead, he tells users to type in URLs manually for trusted news sites.
V3.co.uk reports the security experts are warning about a rogue third-party application that pretends to announce that Facebook is closing all accounts.
Users who were tricked into downloading the app saw this message appear on their profile:
Facebook is closing all accounts today. They can't handle so many accounts. Most of the old accounts are not active, so they are deleting everything. If you want your account alive please confirm your activity. This is the final notice!
According to Sophos Senior Technology Consultant Graham Cluley, the goal is to spread the message virally to all of a user's friends. Also, victims are taken to an online survey that earns the scammers commission.
Social network users can expect to see an increase in scams. Symantec's annual threat report predicts that attackers will continue to ramp up attacks on online social networks in 2011.
M86 Security is warning of a Facebook phishing scam that attempts to harvest log-in credentials, reports v3.co.uk.
According to an M86 blog post, the ruse uses a recently announced messaging product that gives Facebook users an opportunity to own an @facebook.com email address as a lure. The scam tries to trick users into registering for an @facebook.com email address before someone else gets it, but doing so lets attackers gather log-ins and passwords for the site. M86 explains:
The bit.ly link redirects users to a Facebook App (apps.facebook.com/xxxxxpage), which contains an iFrame that points to a compromised site that is hosting the phishing page … Once a user clicks Next, their information is sent off to the phishers, their accounts are hijacked immediately and their Facebook status is updated to try to scam their friends/family.
M86 suggests that users visit Facebook's "Account Security" section and select the options that will notify them when a new computer or mobile device has logged into their Facebook account.
Criminals quickly took advantage of Japan's twin earthquake and tsunami disasters with schemes that ranged from links to fake anti-virus downloads and bogus donation sites to classic 419 scams, says Computerworld.
Symantec says it has seen an influx of email messages asking recipients to donate money to relief efforts. Sophos warns that cyber criminals are using Facebook to harvest information when users click on a link posing as CNN video footage of the tsunami. Meanwhile, Trend Micro discovered that a phishing site that included "japan" in its URL was collecting email addresses and other personal information.
IT Business Edge blogger Sue Marquette Poremba sums it up when she says:
If it is a major news story, the bad guys will find some way to capitalize on it and take advantage of sympathetic but unsuspecting folks just trying to do their part to help.
Panda Security uncovered a pair of threats that threaten users from being able to access their Facebook accounts, reports eSecurity Planet.
The first scam involves a faux Word document that actually hides a trojan. The email tells users that their Facebook accounts are being used to send spam and advises them to open the Word document to get a new password. Doing so infects the PC or mobile device, making it a vehicle for distributing spam.
The second threat pushes a malicious link that, if clicked, infects users' computers or mobile devices with the Lolbot.Q worm. The article explains:
Once the worm has installed and victims attempt to log in to Facebook, a message pops up informing users that their account has been suspended and, in order to reactive their account, they must fill out a questionnaire offering for a chance to win a new laptop or iPad.
According to ChannelWeb, a clickjacking worm has plagued hundreds of thousands of Facebook users, spreading malware and unwanted code when users click a link that indicates they "like" the maliciously created Web page.
CNET News says the social-engineering scam piques the interest of prospective victims with messages like: "This man takes a picture of himself EVERYDAY for 8 YEARS!!" and "The Prom Dress That Got This Girl Suspended From School." Clicking on the "like" button takes users to a third-party website that displays some form of a click-to-continue message. Clicking anywhere on the page automatically posts the link to the victim's Facebook profile, and the exploit ultimately spreads as other online friends "like" the same page.
Graham Cluley, senior technology consultant at Sophos, says there is no data-stealing element to the worm … yet. He told eWEEK that it is possible the worm is a
proof-of-concept test run before attempting something more malicious, or that the bad guys were planning to post some revenue-generating adware or click-traffic to other sites.
