Cyber-criminals targeting social networks

Published 30 July 2009

Cyber-criminals are drawn to the wealth of personal information supplied by users of social networks

Facebook, MySpace, and other social networking sites are increasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites — name, date of birth, address, job details, e-mail, and phone numbers — is a windfall for hackers, participants at Campus Party, one of the world’s biggest gatherings of Internet enthusiasts, said.

AFP reports that a vicious virus Koobface — “koob” being “book” in reverse — has affected thousands Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security. “Its spread has been very significant and it has been detected in 4,000 different variants,” he told AFP at the week-long event which wraps up Sunday in Valencia in eastern Spain.

The virus hijacks the accounts of social networking site users and sends messages steering friends to hostile sites containing malware, a malicious software often designed to infiltrate a computer system for illicit purposes.

In one of its variants, Koobface sends the victim a warning that its Flash player is outdated along with an invitation to download a new version, which is is in fact the virus.

Malware can be used to steal bank account data or credit card information once installed on a personal computer.

Facebook has sought to resist attacks by Koobface and similar viruses by blocking links to hostile sites and shutting down accounts from users that show signs of infection, such as sending too many messages. “You also must be very careful with people who ask to join your friends list,” said Laura Garcia, who writes a popular blog about Internet security, adding that hackers often sent requests.

Another danger of social networking sites are the popular quizzes, horoscopes and games made available for free to users which can sometimes be used to hide links to hostile sites, she added. Birthday greetings and well as messages sent at Christmas and other holidays may also appear to come from friends when in fact they are linked directly to sites that try to convince would-be victims to reveal personal information like passwords or bank numbers, said Martinez.

The vulnerability of social networking sites was underscored in a study by security company Sophos made public earlier this month. It found that about half of all companies in the United States block some or all access to them due to concerns about cyber incursions via the sites (see also 22 July 209 HSNW).

Facebook says that less than 1 percent of its users have been affected by a security issue, such as a virus, since the site opened in 2004. Garcia said the number of viruses detected in recent years has exploded while the profile of cyber-criminals has changed. “Before it was very savvy teenagers who wanted to show off their computer skills. Now you don’t really need to know much about information technology to be a hacker, all the tools have already been created,” she said.

Real cyber-crime mafias have now taken over, especially in Russia, China Brazil and the Ukraine whose goals are purely economic gain, she said, underscoring that hacking could be highly lucrative. For an initial investment of $1,500 for Mpack, a program created to infect web pages, hackers can obtain a profit of between 21,000 and 847,000 dollars in just one month, Martinez said.

Around 6,000 people are expected to attend the Campus Party, which unites participants from all over the world to share ideas, experiences and all types of activities related to computers, communications and new technology.

The annual event began in Spain in 1997. Editions of the event have since been held in Brazil and Colombia.