Where’s the Party? Hackers Found in Social Networking Sites
Engage with a social networking site such as MySpace or Facebook, and you will undoubtedly change the way you spend your time online. Every time you visit and interact, you will leave a trace behind. You will expand your digital footprint. As you do this, you will acquire an online identity.Your digital profile will be born.
However unassuming or grand your digital profile is, however private or public, you can be certain of one thing: Your nuggets of information can be turned against you by hackers with malicious motives.
The tables have turned. 2006 was the year that cyber criminals shifted their attention from e-mail to web traffic. In that year, the ScanSafe Annual Global Threat Report noted an increase in spyware of 254 percent. The motives shifted as well. Over 65 percent of web virus attacks in 2006 aimed at gaining a financial benefit from unsuspecting users. Displaying technical prowess or causing online chaos was no longer the main driving factor for attacks.
It is little wonder that social networking sites, with attention grabbing headlines that by turns praise and condemn the social changes they are helping bring about, are gaining the attention of hackers looking to spread their malware.
The so-called Web 2.0 provides a grand platform from which to launch attacks. Social network sites, wikis, blogs, chat, RSS feeds, and instant messaging are, by their open nature, fertile ground for the distribution of malware. The more freely users interact and contribute content, the more information hackers have that can be used against them.
To limit your exposure and avoid being a target, it is wise to refrain from posting information that could make you vulnerable. This includes what others may be posting on you as well, for example, hobbies, addresses, memberships, routines, schedules, finances, employment – the possibilities are extensive. Only post information that you feel comfortable with anyone seeing since once you do so, you will not be able to fully retract it. Even if you remove it from a site, saved or cached versions may still exist elsewhere in the digital universe.
Just as it is important to be critical about what you post, it is also important to be critical about what you consume. Since much of Web 2.0 content is updatable by the public, it is possible for a hacker to embed links that send users to corrupt sites where they can be tricked into other scams. By blending with the crowd of users, hackers and cyber criminals can work underground.
Just how widespread is malware in the open Web? The ScanSafe Threat Center has found that up to one in every 600 social networking pages hosts malware. As the number of pages continues to rise exponentially, so does the potential for malware to spread.
Dan Nadir of ScanSafe told E-Commerce Times in a recent article that many traditional security solutions are not sufficiently capable in the dynamic Web 2.0 environment. What is required is a proactive solution, a type of real-time Web URL check.
Web pages that appear to be legitimate, can introduce malware and spyware into a network. The challenge is to tell the legitimate from the corrupt, and it’s not always easy. Often there’s no way to know one from another. According to Paul Henry of Secure Computing, in some cases hackers are corrupting legitimate technologies for their own gain. For example, even HTTPS connections, which are meant to be encrypted and secure, can be used by hackers to transmit malware.
Social networking sites pose special challenges for corporations seeking to protect sensitive data and intellectual property. According to the Reuters news agency, a July poll commissioned by Britain’s Evening Standard newspaper showed that more than two-thirds of London businesses have banned or limited employee access to Facebook and MySpace. The clamp down comes as the sites have begun catering to professionals. But while some believe that the sites are distracting and don’t belong in a work environment, others see them as powerful networking tools that can help the business.
When it comes to the using the Web, nothing is quite like content. Internet users spend more time online viewing news or entertainment content than on sending e-mail, shopping or searching for information. A study conducted by Nielsen/ NetRatings logged a 37 percent rise in the amount of time spent viewing online videos and news. Overall, nearly half of time spent online in 2007, 47 percent, is made up of viewing content. The study sites the explosion of web content, like social networking sites, along with an increase in online speeds as factors in the increase.
Term of the Month
The Hosts File is a file stored on your computer that is used to look up the Internet Protocol (IP) address of a device connected to a computer network. Some spyware changes your Hosts File in order to redirect you from a site you intended to visit to sites that the spyware company wants you to see.
Source: Anti-Spyware Coalition Glossary
You already know the paid versions of Lavasoft’s anti-spyware software have vital real-time protection to relieve the burden of constant malware attacks. But Ad-Aware 2007 Plus and Pro versions also include built-in privacy and security tools, for example, the Hosts File Editor. You can use the Hosts File Editor to take control of your Web navigation by blocking advertisement sites, reversing browser hijack entries, assisting with parental controls, and creating navigation shortcuts. To use the Hosts File Editor in Ad-Aware 2007, from the “Tools and Plug-ins” tab, select “Tools” and then click “Hosts File Editor.” New users can find more specific directions in the Ad-Aware 2007 Product Manual.
Creating strong online passwords is one piece of the security equation. If you are wondering just how secure that password you have created really is, Lavasoft News has come across a website you can use to rate passwords, to help you learn how to create better ones. Try out the “Password Strength Meter” on Securitystats.com. Remember, even though the site will not store the passwords you enter, test a password similar to one you might use (not your real password), as the site advises.