Facebook, Twitter can't stop poisoned links

http://www.usatoday.com/tech/news/2011-03-22-facebook-phishing.htm

Facebook and Twitter appear stymied about how to slow a rising tide of poisoned web links seeping into all popular social networks.

A survey last December found 40% of social network users encountered malicious attacks, a 90% increase from April 2009, according to antivirus firm Sophos.

Meanwhile, a recent experiment by network security firm Dasient underscored just how easy it is for anyone to create a new social network account, then use the fresh account to circulate malicious links all across the service.

Social network denizens exacerbate the problem since most tend to click blindly on items, "The faith users put into social networks is providing an enormous universe of opportunity for nefarious actors," says Anup Ghosh, chief scientist of browser security firm Invincea.

Cybercriminals aim to trick you into clicking on a link that will give them full control of your PC. They can then scam you into purchasing worthless antivirus protection or filling out sketchy online surveys. They can even steal from your online financial accounts.

With 500 million members Facebook is by far the largest social network — and the No.1 target.

*
TECHNOLOGY LIVE: How cybercrooks spread poisoned Facebook links

"Facebook is a very enticing playground for bad guys," says Carole Theriault, senior consultant at Sophos. "It is no surprise that surveys have shown an increase in malware activity on the site."

Facebook spokesman Frederic Wolens says protecting users has long been a top priority for the company., Facebook filtering systems "have been very effective," he says, "and despite constant attacks, our data show that the vast majority of people on Facebook have never experienced a security issue on the site."

Twitter did not respond to interview requests for this story.

The experiment run by Dasient paint a different picture. Researchers set up new accounts at 11 leading social networks and found that none stopped them from posting links pre-loaded to deliver a type of malicious program that swiftly infects PCs. What's more, nine of the 11 networks tested failed to fully block links listed among Google's compilation of known poisoned websites. "The social networks we tested have some work to do on their malware countermeasures," says Neil Daswani, Dasient's chief technical officer.

In this backdrop, the scale and creativity of attacks continues to escalate, with Facebook and Twitter emerging as the top targets "because their high volume of usage ensures huge amounts of traffic," says Aryeh Goretsky, researcher at antivirus company ESET. The more traffic, the higher the odds of seeding an attack that goes viral, he says.

One recent large scale attack revolved around a Facebook posting purportedly carrying a link to a video of pop singer Miley Cyrus. doing something lewd. Clicking on the link instead led to a series of additional links that connected the victim's PC to premium rate text-messaging service and began spreading the Miley Cyrus posting to the victim's friends.

"Cybercriminals prey on our natural curiosity to view sensational content," says Jamie Tomasello, security director at messaging security firm Cloudmark.

In another caper, the user must complete a simple verification test to view an enticing video, for example, a whale that the Japanese tsunami smashed into a building. One click activates Facebook's "like" button, which results in reposting the original message to other Facebook users.

Antivirus programs cannot stop malicious code spreading in this fashion because the bad programs are operating as part of the Facebook application. Users should always "think before you click," Goretsky says.

Additionally, Facebook and Twitter face an uphill battle blocking poisoned links because criminals can easily determine if their links are being filtered and have proven adept at quickly switching to fresh links, says Gunter Ollmann, research vice president at network security firm Damballa.

"Bypassing Google's Safe Browsing list and similar technologies is trivial," says Ollman. "While public awareness of the threat has been increasing, the capabilities of the attackers has been increasing at an even faster rate."