<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>SpiderFarmer &#187; Technology</title>
	<atom:link href="http://www.spiderfarmer.com/category/technology/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.spiderfarmer.com</link>
	<description>Weaving the web since 1995</description>
	<lastBuildDate>Wed, 18 Jan 2012 17:17:58 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.8.4</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Avoiding malware on twitter and other social networks</title>
		<link>http://www.spiderfarmer.com/2009/10/30/avoiding-malware-on-twitter-and-other-social-networks/</link>
		<comments>http://www.spiderfarmer.com/2009/10/30/avoiding-malware-on-twitter-and-other-social-networks/#comments</comments>
		<pubDate>Sat, 31 Oct 2009 02:25:26 +0000</pubDate>
		<dc:creator>SpiderFarmer</dc:creator>
				<category><![CDATA[Newsfilter]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[malware]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[social networking]]></category>
		<category><![CDATA[twitter]]></category>

		<guid isPermaLink="false">http://www.spiderfarmer.com/?p=2465</guid>
		<description><![CDATA[Thanks to the popularity of social networking sites like Facebook and Twitter, it&#8217;s a given that malicious hackers will devise ways to exploit the sites&#8217; numerous users in order to infect their computers with malware. This unwanted software is designed to do a number of terrible things ranging from identity theft to turning computers into [...]]]></description>
			<content:encoded><![CDATA[<p>Thanks to the popularity of social networking sites like <a href="http://www.facebook.com/">Facebook</a> and <a href="http://www.twitter.com/">Twitter</a>, it&#8217;s a given that malicious hackers will devise ways to exploit the sites&#8217; numerous users in order to infect their computers with malware. This unwanted software is designed to do a number of terrible things ranging from identity theft to turning computers into remote-controllable <a href="http://en.wikipedia.org/wiki/Zombie_computer">&#8220;zombie&#8221; machines</a>.</p>
<p>Without sufficient anti-virus and malware protection programs installed, social networking users can easily become victims to these ever-evolving attacks. However, the best way to avoid becoming a victim yourself is to be aware of what&#8217;s out there and what sorts of things you should avoid. Below are the best practices which you should use on Facebook and Twitter in order to keep yourself safe.</p>
<div id="more">
<h2>The Problem with Malicious Links</h2>
<p>One of the most common attack vectors is malicious links posted either to Twitter or to your Facebook wall. In the past, such as with the malware known as Koobface, the troublesome links could be easily identified because they would often use a consistent phrase followed by a URL. For example, <a href="http://www.readwriteweb.com/archives/twitters_a_mess_first_the_ddos_now_koobface_returns.php">in August, Koobface was posting links</a> that read &#8220;my home video :)&#8221; which was followed by a URL and then a random component on the end such as <em>&#8220;HA-HA-HA!!&#8221;, &#8220;W.O.W.&#8221;, &#8220;WOW&#8221;, &#8220;L.O.L.&#8221;, &#8220;LOL&#8221;, &#8220;;)&#8221; or &#8220;OMFG!!!&#8221;</em></p>
<p>Although the end piece changed from tweet to tweet, the message itself remained the same. However, security researcher Costin Raiu of Kaspersky Lab tells us that easy-to-identify messages are not as common anymore. Today, it&#8217;s much harder to identify malicious links thanks to two newer techniques being used by hackers. Below, those two newer methods are described in more detail, as is the tried-and-true method of spreading malware via email.</p>
<h2>Method 1: Hijacking Twitter&#8217;s Trending Topics</h2>
<p>The first technique, which really became popular in August of this year, involves hackers creating new Twitter accounts and then posting messages related to whatever trending, or &#8220;hot,&#8221; topic was being heavily discussed on Twitter at that time. This would allow the post to be aggregated in Twitter search results where unsuspecting users would click on the included link. The text accompanying the link would be intriguing to those interested in the subject, enticing them to click through.</p>
<h2>Method 2: Hijacking Legitimate Accounts</h2>
<p>The second technique involves infiltrating legitimate accounts through phishing attempts and other methods so that the hacker essentially has control over a &#8220;real&#8221; account. After control has been established, if on Twitter, the hacker will then tweet out links that redirect users to malware-infected sites. Because the tweets come from an account that already has an established set of followers, those reading the tweets assume it&#8217;s safe and don&#8217;t hesitate to click the links.</p>
<p>After infecting the account of a Facebook user, malware often uses that particular person&#8217;s account to spread, too. As with the malicious links on Twitter, because it appears that the links posted are from a trusted friend, other users don&#8217;t realize that the posted link is harmful.</p>
<p>On Facebook, one of the most problematic malware programs is Koobface, a particular type of malicious software that sees 20 to 30 new variations per day. Despite the number of variants out there, Koobface&#8217;s M.O. is relatively consistent: it tricks people into clicking links. These links appear on social networks like Facebook and Twitter, but also on MySpace, hi5, Bebo, Friendster, and others.</p>
<h2>Method 3: Dangerous Email</h2>
<p>A third method to encourage social networking users to click on infected links is the old but still effective technique of sending out spoofed email. Hackers can create email messages that appear to be sent from a social networking site. The messages prompt you to &#8220;update your account&#8221; or open an attachment containing your new password among other things.</p>
<p><em>Image Credit: <a href="http://lastwatchdog.com/unstoppable-phishing-attacks-blanket-facebook-twitter/">Last Watchdog</a></em></p>
<p>Although many users are now wary of email, these techniques are still being seen in the wild, so it&#8217;s clear that to some extent they still work.</p>
<h2>How To Stay Safe</h2>
<p>There are a number of best practices that you should follow in order to stay safe and avoid infection. They are as follows:</p>
<ol>
<li><strong>Don&#8217;t assume a link is &#8220;safe&#8221; because it&#8217;s from a friend:</strong> As noted above, your friend&#8217;s account may be infected. You should never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn&#8217;t sound like something they would say, be wary, don&#8217;t click. If you&#8217;re unsure, try to contact them through another channel and see if the link is legit.</li>
<li><strong>Don&#8217;t assume Twitter links are safe because Twitter is now scanning for malware:</strong> <a href="http://www.readwriteweb.com/archives/twitter_starts_filtering_malicious_urls.php">In August, Twitter partnered with Google</a> to use <a href="http://code.google.com/apis/safebrowsing/">Google&#8217;s Safe Browsing API</a>, a technology that checks URLs against Google&#8217;s blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It&#8217;s better than no protection at all, but it&#8217;s not going to keep you entirely safe.</li>
<li><strong>Don&#8217;t assume Bit.ly links are safe:</strong> Earlier this year, Twitter&#8217;s default URL-shortening service, <a href="http://bit.ly/">Bit.ly</a>, began warning users of malware. Bit.ly also uses Google&#8217;s Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn&#8217;t prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, as Raiu tells us, this is not 100% effective either. Kaspersky has identified a number of malicious links which Bit.ly did not block. Still, you can assume that Bit.ly is generally <em>safer</em> than the other URL-shortening services because it uses this technology and because the hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe &#8211; nothing ever is.</li>
<li><strong>Use an up-to-date web browser:</strong> Kaspersky recommends using the latest version of your web browser and keeping it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 &#8211; and since this browser is attacked the most, it&#8217;s critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in &#8220;sandboxes,&#8221; or restricted environments. If an attacker were able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not be able to affect the entire machine. Opera and Safari are also good browsers and should be kept current, too.</li>
<li><strong>Keep Windows up-to-date:</strong> As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.</li>
<li><strong>Keep Adobe Reader and Adobe Flash up-to-date</strong>: At the moment, Adobe Reader and Flash are the two most targeted programs by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe&#8217;s software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe&#8217;s site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.</li>
<li><strong>Don&#8217;t assume you&#8217;re safe because you use a Mac:</strong> While it&#8217;s true that Mac users are <em>less</em> targeted than Windows users, they are not immune to malware, despite what those commercials may say. Although Apple did include some malware protection in their latest operating system, it only protects users from two trojans; you cannot count on it alone to protect you. There are <em>a couple of hundred</em> trojans currently in the wild that specifically target Mac machines, according to Kaspersky. In fact, there may even be as many as a thousand, but researchers are unable to identify all of them because Mac users don&#8217;t typically run anti-virus software, which is how much of the data is collected. These days, when a user clicks an infected link, the malicious web page will sometimes identify whether that user is coming from a Windows or Mac machine and then display the appropriate version of the trojan accordingly. A particular family of trojans known as &#8220;DNS Changer&#8221; trojans are the most common ones used to attack Mac machines. The only way to really be sure that you&#8217;re protected against these malicious programs is to run anti-malware software on your Mac, but most Mac users won&#8217;t do so, preferring to take their chances since their risk is lower.</li>
<li><strong>Be wary of email messages from social networks:</strong> Because email addresses can be &#8220;spoofed&#8221; by hackers, you can&#8217;t assume that an email from Facebook or Twitter is <em>really</em> from the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links &#8211; especially if you&#8217;re being told to &#8220;update your account.&#8221; If you do click on a link and are taken to a web page that asks you to log into the site, DON&#8217;T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your Favorites.</li>
</ol>
<h2>It&#8217;s Not Just a Matter of Common Sense Anymore</h2>
<p>As the above best practices show, a lot of the things you can do to protect yourself from malware are the same as they have been in the past &#8211; keep your computer and browser up-to-date, don&#8217;t open attachments, etc. However, malware is trickier to identify these days thanks to social networking sites. It now uses the trusted identities of your friends in order to lull its victims into a false sense of safety. You can no longer simply assume that because someone you know posted a link, it&#8217;s automatically safe. You can&#8217;t even assume that the networks themselves are safe, either. They&#8217;re not always scanned for malware-laden links, and when they are, such as is the case with Twitter, it&#8217;s not a 100% effective method.</p>
<p>Security researchers are actively working on better ways to fight this problem &#8211; for example, Kaspersky just announced their &#8220;Krab Krawler&#8221; project which will help keep their blacklists current by scanning for malicious links on Twitter, but it&#8217;s not a tool that end-users can download to protect themselves; it&#8217;s only one of many methods that security firms use to collect data about the malware on the internet. The best way to stay safe is to follow through with all the best practices &#8211; not just one or two. Malware isn&#8217;t ever going away, so everyone must do their own part in order to stay safe on the web.</p></div>
]]></content:encoded>
			<wfw:commentRss>http://www.spiderfarmer.com/2009/10/30/avoiding-malware-on-twitter-and-other-social-networks/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>How I was saved from iSmug, or How Apple Pissed Me Off</title>
		<link>http://www.spiderfarmer.com/2009/05/22/how-i-was-saved-from-ismug-or-how-apple-pissed-me-off/</link>
		<comments>http://www.spiderfarmer.com/2009/05/22/how-i-was-saved-from-ismug-or-how-apple-pissed-me-off/#comments</comments>
		<pubDate>Fri, 22 May 2009 21:30:03 +0000</pubDate>
		<dc:creator>SpiderFarmer</dc:creator>
				<category><![CDATA[Home Stuff]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Vendors]]></category>
		<category><![CDATA[apple]]></category>
		<category><![CDATA[computer]]></category>
		<category><![CDATA[grrr]]></category>
		<category><![CDATA[hipster]]></category>
		<category><![CDATA[imac]]></category>
		<category><![CDATA[smug]]></category>

		<guid isPermaLink="false">http://spiderfarmer.com/?p=2241</guid>
		<description><![CDATA[The ongoing saga where I have to replace my aging laptop&#8230; Chapter 3 &#8211; My brush with hipsters
So&#8230;I almost drank the Apple Koolaid, and bought one of the new top end iMacs&#8230;with the Radeon 4850. But lo, I was saved from going to the smug side. (Or in Apple Terminology: iSmug.)
I called the Apple store [...]]]></description>
			<content:encoded><![CDATA[<p>The ongoing saga where I have to replace my aging laptop&#8230; Chapter 3 &#8211; My brush with hipsters</p>
<p>So&#8230;I almost drank the Apple Koolaid, and bought one of the new top end iMacs&#8230;with the Radeon 4850. But lo, I was saved from going to the smug side. (Or in Apple Terminology: iSmug.)</p>
<p>I called the Apple store that is &#8220;local&#8221; for a given value of local, and asked if they had it in stock. The girl said yes. I even made her verify that it was in stock, because it&#8217;s a special order system. She put me on hold, then came back and said &#8220;yes&#8221;. So I drove an hour and a half in rush hour traffic to get to the store, had to park almost a half a mile away&#8230;in random rain sprinkles&#8230;had to go into one of the malls (NorthPark) populated by the plastic people that make me twitchy, finally got to the store, and they said &#8220;Oh, yeah&#8230;that&#8217;s a special order&#8230;you&#8217;ll have to order that from apple.com.&#8221; Then the little tween trendoid with more hair gel than sense suggested that perhaps I hadn&#8217;t talked to anyone at the store, because &#8220;nobody *here* could make that mistake&#8221;, implying ergo, that *I* was the one who made the mistake.</p>
<p>WTF?! Oh lord, was I pissed. Too pissed to deal rationally with anyone in Hipster Station. Genius bar my happy ass. So&#8230;I drove home&#8230;in rush hour traffic, and the rain, and with school zones every 30 damn yards&#8230;which made me even more cranky. And I called the store, and worked my way up the management chain to a &#8220;regional director&#8221;.</p>
<p>Who offered the following solution: They would order the 4850 card, take apart one of the macs in stock, put it in, and give me a 10% discount&#8230;but it would take 2 weeks, and my computer would show as refurbished, and therefore not eligible for warranty. I said &#8220;So&#8230;do you see how that&#8217;s not really a solution?&#8221; She said that she&#8217;d be happy to give me a discount on one of the older iMacs and I said &#8220;Again&#8230;not really a solution, is it?&#8221; I felt like I was in the Dead Parrot sketch.</p>
<p>So, for making me drive 3 hours in the rain, in rush hour, on a Friday, in Dallas, to go to the Hipster Station in the heart of Trophy Wife Central for no reason, Apple is now on The List. Oh yes. That List. Nobody wants on The List. Mind you, they&#8217;re not as high on The List as Dell&#8230;but they are on The List none the less.</p>
<p>Yea and verily have they made me a cranky Deva.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spiderfarmer.com/2009/05/22/how-i-was-saved-from-ismug-or-how-apple-pissed-me-off/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>TED Archives</title>
		<link>http://www.spiderfarmer.com/2008/07/23/ted-archives/</link>
		<comments>http://www.spiderfarmer.com/2008/07/23/ted-archives/#comments</comments>
		<pubDate>Wed, 23 Jul 2008 05:34:15 +0000</pubDate>
		<dc:creator>SpiderFarmer</dc:creator>
				<category><![CDATA[Technology]]></category>
		<category><![CDATA[Design]]></category>
		<category><![CDATA[Entertainment]]></category>
		<category><![CDATA[TED]]></category>

		<guid isPermaLink="false">http://spiderfarmer.com/?p=9</guid>
		<description><![CDATA[The Technology, Entertainment, Design conference brings some of the most interesting people.  For those of us that can&#8217;t make the conference, we can watch the videos from past conferences.
]]></description>
			<content:encoded><![CDATA[<p>The Technology, Entertainment, Design conference brings some of the most interesting people.  For those of us that can&#8217;t make the conference, <a title="TED archives" href="http://www.ted.com/index.php/talks">we can watch the videos from past conferences</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spiderfarmer.com/2008/07/23/ted-archives/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>You bought it, but you don&#8217;t own it</title>
		<link>http://www.spiderfarmer.com/2008/07/21/you_dont_own_it/</link>
		<comments>http://www.spiderfarmer.com/2008/07/21/you_dont_own_it/#comments</comments>
		<pubDate>Mon, 21 Jul 2008 22:48:21 +0000</pubDate>
		<dc:creator>SpiderFarmer</dc:creator>
				<category><![CDATA[Newsfilter]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[legal]]></category>
		<category><![CDATA[piracy]]></category>
		<category><![CDATA[software]]></category>
		<category><![CDATA[user's rights]]></category>

		<guid isPermaLink="false">http://spiderfarmer.com/?p=7</guid>
		<description><![CDATA[This just in from the EFF:
In a devastating blow to user rights, an Arizona federal court has ruled that consumers can be guilty of copyright infringement if they violate the end user license agreement (&#8220;EULA&#8221;) that comes with the software&#8211;even where the so-called &#8220;violation&#8221; is specifically excluded from copyright liability.   Why?  Because [...]]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.eff.org/deeplinks/2008/07/u-s-patent-office-rejects-all-ninety-five-neomedia">This just in from the EFF</a>:</p>
<p>In a devastating blow to user rights, an Arizona federal court has ruled that consumers can be guilty of copyright infringement if they violate the end user license agreement (&#8220;EULA&#8221;) that comes with the software&#8211;even where the so-called &#8220;violation&#8221; is specifically excluded from copyright liability.   Why?  Because those protections only apply if you own the software you buy&#8211;not if you license it.  Stunningly, this means that &#8220;cheating&#8221; while playing a computer game can expose you to potentially huge statutory damages for copyright infringement.</p>
<p><span id="more-7"></span></p>
<p>As we noted back in <a href="http://www.eff.org/deeplinks/2008/05/do-you-own-your-software-wow-glider-case-not-just-">May</a>, Blizzard Entertainment, the company that makes the hugely popular massively multi-player online role-playing game World of Warcraft, sued Michael Donnelly, the developer of Glider, a program that helps WoW users raise their character level to 70 by &#8220;playing&#8221; for the user.  Blizzard said that because the license agreement forbids using Glider with WoW, Glider users are committing copyright infringement when they load copies of WoW into RAM in order to play the game, and Donnelly is illegally contributing to that infringement.</p>
<p>As Public Knowledge explained in its brief, Blizzard&#8217;s theory confuses a copyright holder&#8217;s intellectual property rights in the software it develops with a buyer&#8217;s rights in the actual copy of the software. An owner of software has a right to copy it if that copy is essential to the customer&#8217;s use of the software. (See <a href="http://www.bitlaw.com/source/17usc/117.html">Section 117</a> of the Copyright Act.) This rule helps balance the rights of the copyright holder to manage and benefit from its expressive work, and the rights of the public to use and build on that work.</p>
<p>Blizzard argued that players aren&#8217;t owners but merely software licensees, so Section 117 doesn&#8217;t apply.  But the question of whether a user is an owner for purposes of Section 117 depends on the substance of the transaction, not just how one party wants to describe it. For example, if you buy the software, keep it on your own computer and don&#8217;t have to return it when you are done, you probably own it.</p>
<p>Sadly, the court in this case found otherwise.  It held that because Blizzard says the software is licensed, and because it imposes restrictions on use (including such standard restrictions as a requirement that a user who transfers her copy of the software to another must delete all copies from her computer).  And that means that users who violate the EULA could be on the hook for copyright damages&#8211;including statutory damages, which start at $750 and rise to as high as $150,000 per infringed work.  Most disappointing, the court gave short shrift to the absurd policy consequences of treating users who violate a contract as copyright infringers.  The logical implication of the holding is that any time you buy software, be it film editing software, accounting software, iTunes, Skype, etc., software owners can always use license agreements to prevent you from ever having full control over your software and taking advantage of standard copyright limitations (such as the right to sell your copy [Section 109 of the Copyright Act] or the right to make copies necessary for use of the software [Section 117]).  You can buy it, but you can’t own it.</p>
<p>But this decision is not the whole story: this is the <a href="http://www.eff.org/deeplinks/2008/05/if-it-looks-duck-seattle-judge-finds-software-was-">third</a> <a href="http://www.eff.org/deeplinks/2008/06/liberation-day-promo-cds-victory-umg-v-augusto">holding</a> on the issue by district courts in the Ninth Circuit in the past three months.  Given that the recent decisions vary considerably, it’s likely the appellate court will address the issue in the near term.</p>
<p>There&#8217;s one bright light on the horizon: the court found that WoW Glider does not violate the DMCA anticircumvention provisions by allowing users to evade &#8220;Warden,&#8221; which scans games players&#8217; computers for unauthorized software.  The DMCA prohibits the manufacture and sale of technology that allows the circumvention of technological measures that control access to a work.  The court correctly held that Warden doesn&#8217;t &#8220;control access&#8221; to the WoW software already loaded on a user&#8217;s computer, and, therefore, WoWGlider doesn&#8217;t circumvent that access. (Though the court did leave some aspects of the claim open for exploration at trial).</p>
]]></content:encoded>
			<wfw:commentRss>http://www.spiderfarmer.com/2008/07/21/you_dont_own_it/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

