“In the same way that the popularity of social networking sites makes them a widely accepted tool for businesses to reach customers and elevate brand awareness, it also appeals to cybercriminals seeking a large pool of captive users to be targeted for malware and spam attacks”, said Christopher Boyd, senior threat researcher at GFI Software. He noted that Facebook, Twitter, Tumblr and Pinterest were particularly targeted in April.
Twitter users, says GFI, were targeted for the distribution of fake anti-virus trojans. A spam campaign run through compromised accounts and Twitter spam-bots tweeted a link labeled ‘must-see’; but it led to a fake anti-virus infection. If installed, the malware pops up repeated virus warnings demanding payment to cleanse the user’s computer. The next day, says GFI, additional links used the Blackhole exploit kit to infect victims’ machines with malware before automatically sending them to a site that was hosting another scareware program called ‘Windows Antivirus Patch.’
Twitter was also used to direct users to Pinterest, where the spam account ‘Pinterestdep’ claimed to offer Visa gift cards to users willing to provide their opinions about Pinterest. Instead, says GFI, “victims were sent to a site which required them to complete up to 11 reward offers and to refer three friends to do so as well.”
Typo-squatting was used for Tumblr. If anyone mistakenly entered ‘Tublr’ they were sent to a site that said the visitor had been selected as a ‘daily winner’, which did nothing more than require the user to complete forms in order to claim the prize.
Finally, GFI describes a repeat of a popular lure already used extensively on both Facebook and MySpace. Targets are tricked into installing a fake application that claims to provide a list of people who had viewed their profile – but in this instance all it does is spam the victim’s fiends “in order to spread the fake application among their network and serve them with surveys that generate affiliate cash for the scammer.”
| The danger with social networking is that it can be very unsociable to those who don’t take care. |