Sunday, January 4, 2009

The Dark Side of Social Networking - Viruses

No...I'm not talking about the viruses you can catch when you Socially Network in person.

If you're reading this, you're probably a web-savvy person. But even those that have a higher level of tech knowledge are getting hit by a seemingly innocuous threat...one which could spell great trouble if not avoided.

Several days ago, a very good friend of mine posted an item on my wall stating that she posted my profile pix on "Floatfaint-com". (You'll notice that I wrote a dash instead of a dot - that's because if it were a dot, it might show up as a link, and Facebook might detect it and try to remove the posting...also I don't want you to go there accidentally, because I care, dammit) Anyway, of course I wanted to check it out because I was curious. But once I got there, I was asked for my user name and password; a BIG NO-NO.

After checking around, I found a lot of my friends had the same problem. After doing some research I found out that there is a new wave of attacks by morally destitute hackers - this one was not as harmful as most, but is used to trick a person into submitting their email address and other information, presumably for the purpose of spamming. A blogger from the reputable security company Trend Micro found that the spammer owns several hundred domains, and is known to have links to cybercriminals. 

There are other dangerous attacks that are occurring...one of them in recent months is named the Koobface Virus, which hacks into a profile to gather personal information, and potentially turn a victim's computer into a Zombie attacking computer, takes your cc info, etc. etc.

I quickly informed my friend of the situation. She was smart to quickly change her password, and also notify all of her friends that any such posts are NOT from her.  Great job!

Here are five ways you can prevent a Social Networking Attack:

  1. Check the source - a new website, idea or fun application is not necessarily bad. But in line with Bill Gates' motto "Trust But Verify", make sure you find out where this thing comes from. If someone recommended a site to you, check with that person before installing anything or visiting the site. If you receive an email, look at the email address very closely to ensure it is from a reputable source. And before you install anything with a .exe extension, double and triple check the source!

  2. Protect your password like George Costanza - You remember that episode where he wouldn't give the password "Bosco" out to anyone...even his fiancee or a guy stuck in a burning ATM booth? That might be a bit extreme, but if your password or profile information is requested, be vewwwy vewwwy careful.

  3. Don't install tons of third party applications - Let's face(book) it, we allow a lot of apps to access our personal info. But how many of them do we actually use? I do use a few like Superpoke, Test Your IQ and What Superhero are you (I was Professor Xavier), but we don't have enough time to use all of them. Therefore I suggest that you keep your apps down to...um let's say 10. And make sure others have used them so you know they are safe

  4. Help your friends protect themselves - If you see something suspect on someone else's profile, let them know. If they don't respond right away you might want to even consider writing on their wall to ignore particular messages that may have been posted as a result of a hack. I did this when my friend did not respond right away, and I think she appreciated it. (If you don't hear from me in a week, it means she did not appreciate it, and she used a baseball bat to state her case).

  5. This one is pretty Captain Obvious, but make sure you have good anti-virus and anti-spyware protection. I recommend AVG or Norton for Antivirus, and Spybot as an AntiSpy. Also check out Comodo - a free firewall that I've used for the last year. It is a paranoid little program, but my PC has been safe thus far.
Some additional resources regarding the latest Facebook Information:
Hey everyone...Happy New Year. I know some of you out there are worried about the economy and the state of the world, but remember that success isn't just measured in dollars and cents. Care for your fellow human beings, and the rest will take care of itself. God Bless all of you in 2009 and beyond. "rockOn!"

Sincerely,

Tom Ossa
Rockland Web Design
(845) 271 - 4488

3 comments:

Joel Wachtel said...

Tom’s article is very much on point. However, as a full time tech, I would be remiss if I failed to point out that Norton is not a program I would recommend for many reasons. First off, Norton is a serious resource hog. I have seen Norton bring substantial systems to their knees, slowing them up to the speed of a fast moving glacier!

You can verify this on TechRepublic.com, tech support e-magazine. Recently they polled the readers on which antivirus program they preferred. They provided a list of the common products, but did NOT list AVG. Well AVG won by write-in!

My experience is simple on viruses. The overwhelming majority of computers I have taken viruses out of were running one of the three largest legacy AV programs – Norton, MacAfee, or Symantec. Now it’s true that these were the consumer products and not the corporate offerings. But these are the programs given away by many manufacturers (Dell, HP, etc) as “trial” programs. And as they say you get what you pay for!

Personally I have a server, 3 desktops and 2 laptops and I have run AVG for 3 years now and have never had any virus infections. I have gone to known “poisoned sites” to see what would happen and AVG 8.0 seems to be bulletproof! So AVG is the only product I sell!

Other good AV programs also include Kapersky, Panda and Nod32, in my humble opinion.

Last note about viruses, many of the “pirate sites” and bit torrent sites offer tons of free content. But its easy to understand when you think about it, if you were a sicko who got off on spreading viruses, where would you put them to be easily gotten? It makes sense that one place would be these free sites. Another rule I live by – none of my commercial customers are allowed to use Limewire! Trust me – 1 in 10 downloads will be infected!

In closing, I still ponder why people who intentionally damage systems and data with these programs, like AV2009 -2009 (A scareware virus or fake Trojan that attempts to get you to buy their “software” to clean your system.) are not aggressively pursued by the authorities. There are millions of dollars being spent to remove this stuff and to recover data because of it. It seems simple to me – intentionally infecting or damaging a computer via a malicious program should be a crime!

Just one tech’s opinion.

Soapbox off!

Joel Wachtel
Computer Troubleshooters of Spring Valley

Tom from Rockland Web Design said...

Joel,

Yeah I know you've been beating me up on the whole Norton thing. I'm just basing it on personal experience when I had it on my system for a few years. Up until last year everything was fine - but then I got hit with the Vundo and Metajuan viruses at the same time, and that's when I ran to you for help. :-) AVG has been protecting me ever since, and I haven't had any problems in the past year - knock on wood.

Limewire is still a big problem out there. What cracks me up is a person that runs a business PC or server - and installs that file-sharing program. It's like saying to hackers, "Sure...you can take my financial data and destroy my computer! It's a good tradeoff as long as I can play Britney Spears' 'Blackout' for free." (Yes I know "Circus" is the new album, but I still associate her with passing out from too much inebriation)

There is probably no legislation yet because governments would spend too much money tracking down hackers that are doing it just to get their kicks, and have no real profit motive.

Thanks for the post. I'll see you this weekend to watch Dark Knight on Blu Ray.

Tom Ossa
Rockland Web Design
Stony Point, NY
(845) 271 - 4488

Tom from Rockland Web Design said...

Check out our latest blog at Rockland Web Design