Feb 12, 2014 (Wed): Fortinet reminds Malaysian Internet users to keep their Valentine’s Day free of social media malware. The global leader in high-performance network security has revealed a new kind of electronic socially transmitted infection (STI), which can cause almost as much pain as that other kind.
Social media has evolved from sharing personal details to something that is far more dangerous: sharing links. Linking, and the subsequent clicking of these links, changes the Internet landscape as malware can now spread faster and more effectively through social media as compared to email.
“Socially transmitted infections are getting more sophisticated every day. As a result, it is almost impossible to be 100% protected, unless one considers complete Internet abstinence a solution. However, by practicing safe surfing and a lot of common sense, one can greatly reduce the chances of getting infected by social media malware,” said Eric Chan, regional technical director for Fortinet Southeast Asia and Hong Kong.
He explained that attacks frequently involve the installation of malware that can later be used to add one’s computer to the botnet that caused the attack, causing it to grow even more powerful. “Botnets are also often used to generate online buzz for companies or individuals through social media posting, an activity known as ‘like farming’,” added Chan.
Today, there are a number of tricks that hackers use to get malware into one’s computer including sending messages out about popular topics to get more views, making downloads appear to be from legitimate sources, such as fake updates for Flash, disabling the computer’s antivirus and sending the end-user to compromised websites, as well as adding malicious extensions to one’s browser that can hijack his or her social media accounts.
Once a user has caught STI, the most commonly attacked items are the user credentials. Password theft makes the news frequently, such as the recent attack by the Pony Botnet which resulted in the theft of two million credentials for sites such as Facebook, LinkedIn, and Twitter. Having a password stolen can be risky, especially for anyone who uses the same password in multiple places, such as online shopping sites or even work computers.
How to Practice Safe Surfing
1. Always Use (Unique) Protection
Having secure passwords goes beyond the regular precautions of mixing letters, numbers, and special characters. The most important thing is to have every password be unique to the account it is associated with. This way, having one account breached won’t cause all your other accounts to be vulnerable. A good way to secure your password is to use a password manager. Password managers not only securely store your passwords but can also create new ones that are difficult to guess.
Also be sure that you have secure secret questions that you will remember but that cannot be easily guessed by casual acquaintances. For extra security, memorize incorrect answers to common security questions.
Once you have set a secure password, you should change it often and never share it. If for some reason you have to share your password, do not send this information across a network, and change it as soon as possible.
2. Make VD Stand for Virus Detection
All computers need to have anti-virus and anti-malware programs installed and kept updated. It is also recommended to scan your computer on a regular basis, especially if you often download files from the Internet.
3. Think before You Click
If you see a friend post something that seems unusual for them, don’t click it! Instead, check with them to see if it’s legitimate. Be especially careful about links from high profile accounts, such as celebrities, since they make great STI targets. You should also avoid clicking links in generic posts, like “hey, check this out!”
You should also keep an eye on URLs, to make sure they match where you’re supposed to be. Watch out for malicious websites that will put a familiar name within their URL to fool you into thinking it’s affiliated with that site. If a link uses a short URL, hover over it with your mouse to see the address in full before clicking it. Finally, if you ever see an ad for a deal that seems too good to be true, it probably is.
4. Pass Information, Not Infection
Protect yourself by protecting your friends, who are the ones most likely to put you at risk of catching an STI. Make sure they know what social malware is and what they can do to prevent them (perhaps by passing this paper along to them). If you ever have reason to believe that one of your contacts has had their account compromised, let them know immediately and make sure they know what to do to regain control of their account.