Kaspersky Labs has an interesting article on how the bad guys are exploiting the trusted nature of Facebook, MySpace and other social networking sites to launch attacks and spread malware. Note that you may need to create an account at Kaspersky in order to access the article.
Basically the idea is to exploit the poor security (e.g., passwords are sent in clear text for many social networking sites) to gain a position of trust that can then be exploited. The exploits are frequently familiar such as "advanced fee fraud" (also known as a Nigerian 419 scam) but people who wouldn't think about responding to the traditional e-mail scam are being hooked by the same fraud since it appears to come from a "trusted" friend. The level of trust users put into these sites makes tham a "social engineer's dream."
Cheers,
Dave
Subscribe to:
Post Comments (Atom)
About Me
- DaveAtFraud
- B.Sc. ('78) and M.Sc. ('80) in Math from Ohio State followed by 12 yrs at TRW and a variety of software development positions since then. Currently living in Colorado and enjoying "trial retirement". For fun I climb mountains in the summer and ski down them in the winter, fix gourmet food and have an excellent wine cellar.
Didn't Jeremy mention risk with using web appliances in Facebook? Yet more risks from social networking sites
ReplyDelete