What are the popular ways that spammers have leveraged on social
networking sites to target victims?
Spammers have leveraged social networking sites in many ways to send spam.
One of the popular methods is fake invitations which usually contains a link
that redirects to the user to spam website. This vector targets all users,
regardless of whether they have an account or not. Other popular methods being
sending spoofed 'Merge account' notification, fake photo tag/comment messages,
third party applications, and delivering notifications to spread malware. In one
example, spammers sent messages prompting users to download a social networks
toolbar, which was actually a Trojan.
Has Symantec come across any new techniques used by cyber criminals
targeting social networking site users?
Symantec, recently, witnessed an instance of botmasters tweeting their
commands to zombie computers, through smartphones. Symantec has detected a new
Trojan botnet creator tool, called "TwitterNet Builder." The threat, called
Trojan. Twebot, uses a Twitter account to issue instructions to the Trojans
created by the builder. When building Trojan. Twebot, the user is able to supply
a public Twitter account for Trojan. Twebot to follow. Because Trojan. Twebot
does not try to obfuscate commands on Twitter, it will not be difficult for
security staff to find and close accounts abusing their service in this way.
Cyber criminals are also leveraging social networking sites to drop Trojans into
unsuspecting users' systems. For example, spam e-mails such as the one on the
left have been doing the rounds on the Internet hoping to lure recipients into
downloading a Facebook toolbar.
What are the new things that cyber criminals look at when attacking users
other than passwords or email addresses?
Apart from passwords and e-mail IDs, cyber criminals could be looking at
tricking users into revealing their credit card information with tempting offers
– ranging from discounted goods to attractive job options. They could also look
at fooling victims into parting with their money to purchase
counterfeit/ineffective products. Since social networking sites are trusted
environments, they have also become a playground for cyber criminals to carry
out social engineering attacks. More and more, attackers are going directly
after the end user and attempting to trick them into downloading malware or
divulging sensitive information under the auspice that they are doing something
perfectly innocent.
A year has passed since Koobface was first detected; yet it's still
active. What is Symantec doing in this regard?
The Koobface worm infects users by using social engineering attacks. It
spreads by abusing social networking websites or by employing search engine
optimization techniques to lure potential victims to malicious sites. Symantec's
security products are designed to remove malware such as Koobface by disabling
system restore (Windows Me/XP), updating virus definitions, running a full
system scan and deleting any values added to the registry.
The company is also constantly monitoring Internet threat landscape for
outbreaks of Koobface and other malware through Global Intelligence Network,
which includes researchers throughout the world collecting information about
online fraud, malicious code and security risks, analyzing them to figure out
how they work, and then developing real time updates to Symantec products that
protect computers at homes and in workplaces around the world.
What are the simple steps a user can take to check a malicious mail?
One of the ways to check malicious mail is to unsubscribe from legitimate
mailings that you no longer want to receive. When signing up to receive mail,
verify what additional items you are opting for at the same time. Deselect items
that you do not want to receive. Further, one should avoid publishing e-mail
address on the Internet and delete all spams regularly. One should avoid
clicking on suspicious links in e-mails or IMs as these may be links to spoofed
websites.
When visiting a website it is better to type the Web addresses directly into
the browser rather than relying upon links within messages.
Sharath Kumar
Source: CIOL