A ‘social’ menace acquires worrying proportions

Have you ever suspected that your Facebook account might be spamming your friends? Have you ever checked this with them? Have you been lured by a free product offer or gift vouchers and clicked on it? Do you know that the offer can include a link carrying Web-hijacking malware? The looming threat of social spam is intensifying with the rising popularity of networking sites. So you need to watch out.

This is of real concern even as malicious attacks carried out via email come-ons seem to be declining. The incidence of traditional spam, so to speak, has come down by more than 20 percent, according to Symantec, a leading security-software maker. The diverging trends can be attributed to enhanced filters as well as stringent law enforcement, which have made email attacks more difficult to launch.

As a result, spammers seem to have turned their attention to sites where people want to be today and where awareness and defenses are comparatively weaker. They are targeting social sites, analysts point out. In a recent post, we outlined how a false ‘bait’ page can trick Facebook users into ‘clickjacking’. The following are ways in which users are often tricked:

  • Hackers mostly create deceptive Facebook profiles for ‘friending’ users at random. Once gullible users click on a ‘bad’ link, the seeds of an impending spam attack are sown as they begin spreading it to other friends, who do the same. It can all happen through nefarious third-party apps, or when users pick up malware outside Twitter or Facebook, which gives hackers a hold on their machines.
  • Social-spam attacks on Facebook such as ‘like-jacking’ dupe people into clicking on a ubiquitous image that looks as if a Facebook friend has hit the ‘Like’ button to recommend it.
  • More vicious are come-ons in the form of seemingly irresistible posts, such as a free iPad offer, that prompt one to run malware, which can then take over a Web browser or the computer, laptop or mobile device itself.
  • Social malware can impersonate users, getting into eerie one-on-one chat sessions on Facebook. Security experts caution against sophisticated hacker attacks that draw on personal information sourced from profiles to send convincing targeted messages.

How are social sites combating spam?

Facebook and Twitter are constantly building up their defense mechanisms against hackers’ attacks. The former states on its site: “We take the deliberate spam attacks seriously and devote a tremendous amount of our engineering time and talent to build systems that detect suspicious activity and automatically warn people about inappropriate behavior or links. Because of our efforts, only a very small percentage of people who use Facebook has ever experienced spam or a security issue.”

Twitter also concedes that it has become a more visible and obvious target for spammers, hackers and other malicious parties. The networking site claims to have put in place a process to discover and deal with spam. The strategies are partially working. According to Twitter, its ‘spammy’ tweet rate has come down from 11% in 2009 to 1.5% in 2010.