Saturday, August 09, 2008

Social Networking Sites a major source of malware; but avoiding them also poses an ironic risk

Washington Post technology writer Brian Krebs, reporting from a computer security convention in Las Vegas (the BlackHat “hacker” convention), warns that social networking sites, especially Myspace, Facebook, and LinkedIn, are becoming major sources of malware.

Many of the items are user-defined applications and widgets of various natures.

At the same time, the convention points out with some irony, it can be risky to avoid social networking sites if others could mimic you and set up fake profiles to take away business or harm your online reputation. If you don’t want to use them, it may be safer to set up a shell profile and then use it relatively little. This point could be important to employers in some industries, where the "reputations" of professional employees or contractors are an issue of legitimate concern.

In fact, I have shell profiles on Myspace and Facebook with very little material. But I may start using Facebook soon for networking my screenplays.

The story runs in print in the Business Section of The Washington Post today, Aug. 9. The story is titled “Hackers’ Latest Target: Social Networking Sites” with link here.

Krebs discusses the Koobface worm, which McAfee describes here. Facebook users who have loaded infected plugins receive links to download the worm from linked infected videos (which apparently could come from either Myspace or Facebook).

In all cases, loading malware would violate “terms of service” but social networking and blogging companies are having extreme difficulty detecting malware and violations by automated scripts without impacting innocent users with “false positives.” The risk appears to be much less with conventionally (dedicated or shared) hosted web sites.

There is another story today coming from the Las Vegas "Black Hat" conference on DNS security on my consumer id security blog, here.
