How to Avoid Malware on Facebook and Twitter
Malware, which is the combination of the words "malicious" and "software," is a type of virus that is designed to attack your computer and your network. Most of the dangerous programs on the Internet (spyware, trojan viruses and key loggers) are in some way related to malware. Protecting your computer from malware isn't easy, but it is worth the effort, as malware can cause a lot of damage to your computer if it isn't protected correctly. The popularity of social networking sites such as Facebook and Twitter has created a wide-open field for cyber criminals and has given malicious hackers the opportunity to exploit these sites' many users in order to infect their computers with malware. This malicious software can cause a whole range of harm to your computer, such as turning it into a remotely controllable zombie machine.
Anti-virus and other malware protection programs are designed to protect us from malicious software; however, the best way to avoid becoming a victim of these constantly evolving attacks is to be aware of what is out there and what to avoid.
The most common methods of attack are malicious links posted either to Twitter or to your Facebook wall. In the past, such as with the malware known as Koobface, the troublesome links could be easily identified because they would often use a consistent phrase followed by a URL. For example, in August 2009, Koobface was posting links that read "my home video" which was followed by a URL and then a random component on the end such as "HA-HA-HA!!", "W.O.W.", "WOW", "L.O.L.", "LOL", or ";)".
Although the end piece changed from tweet to tweet, the message itself remained the same. However, easy-to-identify messages like these are not as common anymore. Today, it's much harder to identify malicious links thanks to the newer techniques being used by hackers.
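The 2009 lure described above can be matched by keying on the fixed phrase and URL and treating the rotating tail only as corroboration. This is an added example, not code from the original article; the sample posts and `example.invalid` URLs are constructed, and the function names are hypothetical.

```python
import re

# Trailing tokens the article lists for the August 2009 lure.
KNOWN_TAILS = {"HA-HA-HA!!", "W.O.W.", "WOW", "L.O.L.", "LOL", ";)"}

# Key on the stable part: the fixed phrase immediately followed by a URL.
# Anything after the URL is captured separately as the rotating tail.
LURE = re.compile(
    r"\bmy home video\s+(https?://\S+)(?:\s+(.*))?$",
    re.IGNORECASE | re.DOTALL,
)

def classify(post):
    """Return (verdict, url): 'match' = phrase + URL + known tail,
    'partial' = phrase + URL with an unseen tail, (None, None) otherwise."""
    m = LURE.search(post.strip())
    if not m:
        return None, None
    url, tail = m.group(1), (m.group(2) or "").strip()
    verdict = "match" if tail.upper() in KNOWN_TAILS else "partial"
    return verdict, url

def scan(posts):
    """Return (index, verdict, url) for every post that looks like the lure."""
    hits = []
    for i, post in enumerate(posts):
        verdict, url = classify(post)
        if verdict:
            hits.append((i, verdict, url))
    return hits

# Constructed sample posts (not real captures).
SAMPLE_POSTS = [
    "my home video http://example.invalid/v1 HA-HA-HA!!",
    "My home video http://example.invalid/v2 ;)",
    "my home video http://example.invalid/v3 OMG!",      # new tail, same lure
    "Uploaded my home video to the family album, LOL",   # phrase but no URL
    "Great clip http://example.invalid/v5 WOW",          # URL but no phrase
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_POSTS):
        print(hit)
```

The "partial" verdict is the useful one: a rule that required a known tail would miss the third post as soon as the tail rotated.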
Below are some of the more popular methods used by hackers to spread malware as well as measures you can take to protect yourself and your computer.
Hijacking Twitter's Trending Topics
The first technique involves hackers creating new Twitter accounts and then posting messages related to whatever trending, or "hot," topic is being heavily discussed on Twitter at the time. This allows the post to be aggregated in Twitter search results, where unsuspecting users click on the included link and become victims.
Hijacking Legitimate Accounts
The second technique involves infiltrating legitimate existing accounts through phishing attempts and other methods so that the hacker essentially has control over a "real" account. After control has been established, if on Twitter, the hacker will then tweet out links that redirect users to malware-infected sites. Because the tweets come from an account that already has an established group of followers, those reading the tweets assume it's safe and don't hesitate to click the links.
After infecting the account of a Facebook user, malware often uses that particular person's account to spread. As with the malicious links on Twitter, because it appears that the links posted are from a trusted friend, other users don't realise that the posted link is harmful.
On Facebook, one of the most problematic malware programs is Koobface, a particular type of malicious software that sees 20 to 30 new variations per day. Despite the number of variants out there, Koobface's modus operandi is relatively consistent – it tricks people into clicking on malicious links. These links appear on social networks like Facebook and Twitter, but also on MySpace, hi5, Bebo, Friendster, and others.
Dangerous Email
A third method to encourage social networking users to click on infected links is the old but still effective technique of sending out spoofed email. Hackers can create email messages that appear to be sent from a social networking site. The messages prompt you to "update your account" or open an attachment containing your new password, among other things. Although many users are now wary of email, these techniques are still used, so it's clear that to some extent they do still work.
There are a number of good practices that you should follow in order to stay safe and avoid infection.
Don't assume a link is "safe" because it's from a friend: As noted above, your friend's account may be infected. Never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn't sound like something they would say, be careful – don't click. If you're unsure, try to contact them through another channel and see if the link is legitimate.
Don't assume Twitter links are safe because Twitter is now scanning for malware: In August 2009, Twitter partnered with Google to use Google's Safe Browsing API, a technology that checks URLs against Google's blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It's better than no protection at all, but it's not going to keep you entirely safe.
Don't Assume Bit.ly Links are Safe:
Earlier in 2009, Twitter's default URL-shortening service, Bit.ly, began warning users of malware. Bit.ly also uses Google's Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn't prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, this is not 100% effective either. A number of malicious links have been identified which Bit.ly did not block. Still, you can assume that Bit.ly is generally safer than the other URL-shortening services because it uses this technology and because hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe - nothing ever is.
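The gap described in the two tips above, where a blacklist check on the posted URL misses a shortened link to a listed site, is closed by checking every hop of the redirect chain. This is an added example, not code from the original article or from Twitter, Bit.ly or Google; the blocklist, redirect table and `example.invalid` hostnames are constructed stand-ins for a Safe Browsing-style lookup and for real HTTP redirects.

```python
from urllib.parse import urlsplit

# Constructed stand-in for a URL blacklist (hostnames only).
BLOCKLIST = {"malware.example.invalid"}

# Constructed stand-in for HTTP redirects: URL -> Location it redirects to.
# A live checker would issue requests with automatic redirects disabled.
REDIRECTS = {
    "http://short.example.invalid/abc": "http://hop.example.invalid/r?id=1",
    "http://hop.example.invalid/r?id=1": "http://malware.example.invalid/update",
    "http://short.example.invalid/ok": "http://news.example.invalid/story",
    "http://short.example.invalid/loop": "http://short.example.invalid/loop",
}

def host(url):
    return (urlsplit(url).hostname or "").lower()

def naive_check(url):
    """Blacklist check on the posted URL only (what a shortener defeats)."""
    return host(url) in BLOCKLIST

def expand(url, lookup=REDIRECTS.get, max_hops=5):
    """Follow redirects hop by hop. Returns (chain, fully_resolved)."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain, True       # final destination reached
        if nxt in chain:
            return chain, False      # redirect loop
        chain.append(nxt)
    return chain, False              # too many hops

def check_link(url):
    """'blocked' if any hop is listed, 'unresolved' if the chain cannot
    be followed to its end, otherwise 'allowed'."""
    chain, resolved = expand(url)
    if any(host(u) in BLOCKLIST for u in chain):
        return "blocked"
    return "allowed" if resolved else "unresolved"

if __name__ == "__main__":
    for u in ("http://short.example.invalid/abc",
              "http://short.example.invalid/ok",
              "http://short.example.invalid/loop"):
        print(u, "naive:", naive_check(u), "full:", check_link(u))
```

Treat "unresolved" as untrusted rather than safe: a chain that cannot be followed to its end has not been checked.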
Use an up-to-date web browser: recommendations are to use the latest version of your web browser and to keep it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 - and since this browser is attacked the most, it's critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in "sandboxes," or restricted environments. If an attacker were able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not be able to affect the entire machine. Opera and Safari are also good browsers and should be kept up to date as well.
Keep Windows up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.
Keep Adobe Reader and Adobe Flash up-to-date: At the moment, Adobe Reader and Flash are the two programs most targeted by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe's software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe's site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.
Be wary of email messages from social networks: Because email addresses can be "spoofed" by hackers, you can't assume that an email from Facebook or Twitter is really from the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links - especially if you're being told to "update your account." If you do click on a link and are taken to a web page that asks you to log into the site, DON'T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your favourites or bookmarks.
A lot of the things you can do to protect yourself from malware are the same as they have been in the past - keep your computer and browser up-to-date, don't open attachments, etc. However, malware is trickier to identify these days thanks to social networking sites. It now uses the trusted identities of your friends in order to lull its victims into a false sense of safety. You can no longer simply assume that because someone you know posted a link, it's automatically safe. You can't even assume that the networks themselves are safe, either. They're not always scanned for malware-laden links, and when they are, such as is the case with Twitter, it's not a 100% effective method.
The best way to stay safe is to follow through with all the best practices - not just one or two. Malware isn't ever going away, so everyone must do their own part in order to stay safe on the web.