Friday, June 11, 2010

Beware of these 6 social networking scams!

A techie recently fell prey to a spammer and lost thousands of rupees from his bank account. And he is not alone: despite many warnings issued to users, scamsters continue to spread havoc.
At a time when the gap between the virtual and the real world is thinning down, it is your duty to protect yourself from fraudsters online.
With more people logging on to networking sites, there is a flurry of activity. Spammers are now devising innovative methods to abuse and cheat online users. An Accenture survey has revealed that India has the second-highest number of people (85 per cent) who use social networking at least occasionally.
Global consumers spent more than five and a half hours on social networking sites like Facebook and Twitter in December 2009, an 82 per cent increase from the same time last year when users were spending just over three hours on social networking sites, according to The Nielsen Company. In addition, the overall traffic to social networking sites has grown over the last three years.
Cyber criminals are thus exploiting this huge growth. They lure users across social networking sites to open spam email, and steal personal data in order to understand what subjects would tempt the user. If you are not careful about protecting vital information, the loss would be beyond your imagination.
Symantec has listed the top 6 ways that spammers leverage social networking sites:

1. Trojan.Twebot
Symantec has detected a new Trojan botnet creator tool, called "TwitterNet Builder". The threat, called Trojan.Twebot, uses a Twitter account to issue instructions to the Trojans created by the builder. When building Trojan.Twebot, the user is able to supply a public Twitter account for Trojan.Twebot to follow. As Trojan.Twebot does not try to obfuscate commands on Twitter, it will not be difficult for Twitter security staff to find and close accounts abusing their service in this way.
Botmasters tweet their commands to zombie computers, through smart phones
Trojan.Twebot has a number of the usual commands you would expect to see, such as ".DOWNLOAD" to download additional files and ".DDOS" to perform a distributed denial-of-service attack. However, it also has the interesting command ".SAY". This command allows an attacker to get a compromised computer to use the operating system's Text-to-Speech function to read aloud any messages sent by the attacker.
Symantec recreated the attack in a controlled environment (in the lab) to show how Twitter is used as a command-and-control server for Trojan.Twebot and how by using smart phones, attackers can easily issue commands to their botnet.
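Because the commands are posted in the clear, an account used this way can be spotted from the text of its posts alone. The following is an added example, not code from Symantec or from the original article: it flags accounts whose posts are mostly bare command lines. The account names, sample posts, thresholds, case-sensitive matching and the "verb followed by free-form arguments" syntax are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Command verbs named in the article. Treating everything after the verb as an
# opaque argument string, and matching case-sensitively, are assumptions.
COMMANDS = (".DOWNLOAD", ".DDOS", ".SAY")
COMMAND_RE = re.compile(
    r"^\s*(" + "|".join(re.escape(c) for c in COMMANDS) + r")(?:\s+(.*))?$"
)

def parse_command(text):
    """Return (verb, args) if the whole post is a bare command, else None."""
    m = COMMAND_RE.match(text)
    if not m:
        return None
    return m.group(1), (m.group(2) or "").strip()

def flag_accounts(posts, min_hits=2, min_ratio=0.5):
    """posts: iterable of (account, text) pairs.
    Returns {account: [verbs]} for accounts where at least min_hits posts,
    and at least min_ratio of all posts, are command-shaped."""
    total = defaultdict(int)
    hits = defaultdict(list)
    for account, text in posts:
        total[account] += 1
        parsed = parse_command(text)
        if parsed:
            hits[account].append(parsed[0])
    return {
        acct: verbs
        for acct, verbs in hits.items()
        if len(verbs) >= min_hits and len(verbs) / total[acct] >= min_ratio
    }

# Constructed sample posts (not real accounts or captured traffic).
SAMPLE_POSTS = [
    ("acct_a", ".SAY hello from the lab"),
    ("acct_a", ".DOWNLOAD http://files.example.test/a.bin"),
    ("acct_a", "testing"),
    # Ordinary chatter that merely mentions a verb must not be flagged.
    ("acct_b", "I'll .SAY it again: great match last night"),
    ("acct_b", "Anyone else seeing the .DDOS news today?"),
    ("acct_c", ".say lowercase is not matched under the assumption above"),
]

if __name__ == "__main__":
    print(flag_accounts(SAMPLE_POSTS))
```

Anchoring the match at the start of the post is what keeps ordinary users who merely mention a verb mid-sentence out of the result.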

2. Twitter accounts with celebrity names
Twitter is also increasingly being hijacked for spam, using celebrity names. For example, a Chinese retailer has used David Beckham to push sales, tricking users into believing that the football star is following them.
The credibility of the fake account is bolstered by other fraudulent accounts linking back to it and by cross-following legitimate Twitter accounts, which will probably have been hacked earlier. In this particular case, the false David followed over a thousand accounts with a single common link - the account name contains the word "candid".
This malicious activity is fast becoming common practice nowadays. Attackers are creating Twitter accounts as a vehicle for spam advertising and, sometimes, they even include
So is David Beckham following your tweets? Probably not. Unfortunately, the spammers often succeed because many people allow their curiosity to get the better of them and click on nearly every link they see without thinking about the consequences.
Remember, always be sceptical if someone you don't know starts following you or sends you strange direct messages. Also, always check the account carefully. It is not always easy to determine if you are reading the official Twitter account of someone real or that of a clever impostor.

3. Facebook toolbar
Spam e-mails have been doing the rounds on the Internet hoping to lure recipients into downloading a Facebook toolbar. If you download the file by clicking on "Download Here", you'll see a file with the icon shown below:
If you take a closer look at the icon, "darkSector" is shown inside of it. How strange. Is this actually a Facebook toolbar? If we take a look at the properties of the file, the details mentioned are for a program called HijackThis (a security software). This is even stranger.
Dropping Trojans through social networking downloads
Well, the file is neither a Facebook toolbar nor HijackThis. It's malware detected by Symantec software as Trojan.Dropper.
Whenever you come across oddities like this, you can take similar steps to check if something could potentially have malicious intentions.

4. The Koobface worm
This worm infects users by using social engineering attacks. It spreads by abusing social networking websites or by employing search engine optimisation techniques to lure potential victims to malicious sites.
The infrastructure used by the Koobface gang is relatively simple: a central server redirects victims to one of the infected bots where the social engineering attack takes place. While the central redirection point has been actively targeted by take-down requests, the Koobface gang has so far been quick.
A year has passed since Koobface was first detected; yet, this worm and the people behind it are still very active in keeping their infrastructure up to date, finding new means of propagating the infection, and taking advantage of their victims.
In just three weeks, Symantec observed 17,170 distinct infected IP addresses. Several Indian cities 

5) Symantec has witnessed a malicious spam campaign against Facebook, accompanied by a phishing attack. These messages look like an official Facebook invite or password reset confirmation mail. If we place the cursor over the update button in the message, we can actually see the phishing URL in the status bar.
If a user clicks on the "Update" button, he or she is redirected to a Facebook look-alike phishing site. Here, users are asked to enter a password to complete the update procedure.
Unfortunately, the user's password will be stolen if they try to log in on this page. Similarly, another malware or phishing attack using URLs in the coming day(s) on MySpace. Social networking sites with huge user bases are targeted to infect the maximum number of machines or gather passwords for more malicious activities in the future.
Users need to be extra careful of suspicious attachments, especially those including a "password reset" request because legitimate websites will not send an attachment for resetting a password.

6) In the past, spammers would register their own accounts and then send unsolicited messages through the social networking site. By default, the site generated an automated email to let the user know that there is a new message.
While such notifications are technically legitimate, the user would have most likely considered the messages as spam, due to the unsolicited content. For spammers, this technique had a shortcoming - the message sent to the user was from an unknown person/entity.
Recently, Symantec has observed a rise in a newer technique of social networking site abuse. Symantec has confirmed that this account was not created for spamming purposes. Instead, the sender's account was hijacked and this message was sent to everyone who is "connected" (direct friend, friend of a friend, etc).
If the user navigates to the Web page provided in the message, Bloodhound.PDF.10 tries to load. In the example, the sender was not a direct friend with the user. However, it is highly likely that the user could receive such messages from a direct friend. This could give the user a false sense of confidence, which may lead to malware being installed on the user's machine.
It is a good reminder to all social networking site users that the message really may not be from a friend, even if it is from a friend.

It's getting more difficult day by day to keep yourself safe on the net - try to be more prudent and it might help you a long way.


  1. Amazing blog and very interesting stuff you got here! I definitely learned a lot from reading through some of your earlier posts as well and decided to drop a comment on this one!