GDATA: CyberCrime 2.0, Criminals love social networking, Facebook & Co are highly rated by online criminals

December 2008 by G DATA

Social networks offer people across the world numerous opportunities for
socialising with new contacts or keeping in touch with old
ones. And it’s not only the die-hard networkers who are impressed
with platforms such as Facebook, My Space, XING
or Linkedin. The shadow economy has also discovered that
networking pays. According to analyses made by G DATA
Security Labs, criminals have long been using the idea of
these participation networks for their own purposes. The
infiltration of communities and the spreading of spam or malware have
meanwhile become part of everyday life within social networks. And the trend
is increasing!

The potential abuses the criminals have conceived are highly varied and
range from targeted spying on personal data, through spam and phishing mail
distribution up to exploitation of security holes within the particular social networking
platform.

Ralf Benzmüller, manager of G DATA Security Labs, is
sounding the alarm: "Online criminals have been thinking on
community lines for a long time. During the past few months,
we have observed a threatening increase in criminal activity
within social networks. Hardly any community remains unaffected.
The tactics of the offenders are ingenious and
embrace the entire eCrime repertoire. Alongside the direct
insertion of malware or the distribution of mass mailings, the
offenders use social networks to entice users to primed websites. The
objective: infection of computers through drive-by infections or file downloads
or enticing potential purchasers to the ordering pages for dubious offers."
The high acceptance of social networks and their specialisation in individual
topics bring the criminals a rich yield: "In comparison with the real world,
costs, effort and possible profit offer criminals a particularly favourable cost-profit
ratio. Facebook alone has more than 130 million global users," sums up
Ralf Benzmüller. "The sub-division into sub-communities means spammers
can accurately direct their junk mail at a particular target group."

Targeted attacks on companies

The information, which members of social networks divulge about themselves
and their living circumstances, also permits cyber criminals to carry out targeted
attacks on companies. "With the information that you can collect in Xing
about a particular company, targeted phishing mails can be sent to company
management, sales or accounts. This can take into account position within
the company, colleagues and hobbies. Tailor-made spyware Trojans infiltrated
in this manner can ruin companies," warns Ralf Benzmüller.

The largest social networks (worldwide)

Platform      Users (in millions)
Facebook      132
My Space      117
Hi5           56
Friendster    37
Orkut         34
Bebo          24
Skyrock       21
XING          6,53

(Source: comSource, 09/2008, XING)

Personal data targeted

Alongside the direct insertion of malware or the
distribution of mass mailings, the offenders use social
networks to lure users to primed websites where they
can steal personal data so that they can sell it for a
profit. Targeted by the offenders are login data and
classical account data, telephone numbers, email
addresses and dates of birth. G DATA Security Labs
has currently determined a black market price of some € 40 for 500 MB of uncleaned
data. The receivers of this stolen data sell this data on many times
over to dubious foreign call-centres thus providing them with easier access to
customers.

The transparent networker

Platform users often frivolously expose personal or company data to a wide
spectrum of the public. Information which, for example, with Xing or Linkedin
is published without protection is available not just to friends. Using services
such as 123people or Yasni, it is easy to compile user profiles, places of residence
or hobbies and use them for targeted attacks. "Essentially you should
only publish in Social Networks, what you would also happily write on an advertising
hoarding at a central station. Companies should release appropriate
guidelines to limit abuse," says security expert Ralf Benzmüller.

Basic security measures

If you are using social networks and wish to minimise your personal security
risk when doing so, you should follow some basic security tips:
• A computer can be infected with malware by merely visiting a website
(drive-by-download), without any hard disk access taking place. Classical
virus scanners, which only monitor the file system, can therefore be
ineffective. Additional protection is offered by an http scanner, which
checks the web content before it reaches the Internet browser and can
cause possible harm.
• Users of Xing, Linkedin and Co. should only make their personal data
available to selected persons. Otherwise people search engines such
as 123people or Yasni can index, save and make this personal data
available to anyone who wants it.
• The virus protection, the operating system and the browser should always
be updated to the latest version. This closes any possible security holes
and ensures that your virus defences are always up to date.
• A bit of scepticism about friend requests from unknown persons - who
could be dealers in stolen data on the look-out for personal data which
they can then sell on - is also a good idea.
• Do not respond to queries in which you are asked to reveal
passwords, account numbers, PIN codes or other personal information,
especially if you are threatened with having your account closed.
• Use complex passwords. Avoid readily accessible terms, names or
dates of birth. Otherwise you run the risk of having your password
guessed. Rather select a password combination of letters, numbers and
special characters, which you won’t find in any dictionary.
• Use a different password for every community!

