Wednesday 7 December 2011

Social Networking Sites Are Highly Susceptible To Malicious Attacks

Social websites have become the new breeding ground for malware. The first is a Trojan called Asprox.N, delivered via an email informing users that their Facebook account is being used to distribute spam. The email includes a fake Word document attachment that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible.

The second malware, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link designed to hijack Facebook accounts, blocking users' access while informing them that the account has been suspended. Victims can "reactivate" their Facebook account and restore access only once they subscribe to the service and receive a new password.

However, a recent study indicates that users of social networking websites potentially put themselves at risk from hackers and identity thieves because they engage in risky behavior. Users can minimize their risk of becoming victims by changing their online behavior. The report suggests guarding Social Security numbers and bank account numbers, taking caution when downloading files, and installing certain protective software.

According to research done by the National Cyber Security Alliance (NCSA) and software firm Computer Associates, 74 percent of users divulge personal information, including email addresses and birthdays. Some users even download unknown files or respond to unsolicited emails or instant messages, all of which may lead to identity theft or virus attacks. Adults who use social networking sites may be putting themselves and their businesses at risk as well, the report suggests. Of those who have access to a computer at work, 46 percent engage in social networking at the office, potentially making the workplace vulnerable to online security threats.

Security company PandaLabs has discovered an online service that promises to hack into Facebook accounts for $100. They claim they will provide "clients" with login and password information to access any account on the social network. "In the case of celebrities or other well-known entities, they can be used to defame the account holder, spread information in their name, etc. In any event, this is criminal activity."

"The service's real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service," says PandaLabs Technical Director Luis Corrons. "In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft. Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen."

To protect users from getting hacked, the popular social networking site Facebook is rolling out a new set of security features. Facebook, with over 500 million members, has added the ability for users to log in and surf the site using a more secure encrypted connection, known as HTTPS. The encryption is the same used on shopping and banking websites to secure connections, and was previously used on Facebook when passwords were checked. It keeps malicious users from spying on your account and seeing your password, among other things. The new security option is available for some users now, but will be rolled out to everyone over the next few weeks, Facebook says. But to get the extra shield, users have to go into settings and turn it on.

These report findings clearly point out that data breaches are very common these days. One way to mitigate Internet security risks is through technical security training. EC-Council's brand new TakeDownCon is a technical information security conference series. In addition to learning from some of the best security experts, attendees can take the highly sought-after technical training courses TakeDownCon offers, including the Certified Ethical Hacker (CEH) course, often touted as the world's most comprehensive ethical hacking training program.

The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.

