If you have been bitten by the social network bug, there's more to it than online pets and wall posts. Security and looking after your privacy has become a major concern with people posting all maner of information on these sites. Here's how you can play it safe in a social world.

l)Most web posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware) As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month; so users must be wary of clicking on links in these sites.

Additionally, just because a site is reputable, doesn't mean its safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently.

2) The Top Search Results from Google are Safe, Right? Search engine poisoning is growing in popularity and used by cybercriminals to boost links to Web sites with malicious code or spam, up in the search rankings. Many users assume that the top results are "safe" but really they are directed to infected Web sites. For example in March, basketball fans who typed "March Madness" into their Google search bar and clicked on many of the top ranking links were actually led to Web sites infected with "rogue antivirus" software.

3) You're really not Infected; Be Careful Before You Download: In the past year Cybercriminals have increasingly used what's known as "rogue antivirus" to get information like credit card numbers and other private information from Web users. Typically, rogue antivirus authors use search engine poisoning to drive traffic to sites they own or have infected (as noted above). Often they post links on blogs and forums that link back to a malicious site under their control. When a user visits these sites, a window pops up warning them that their computer has been infected with malware. The user is prompted to pay money and download an "antivirus" software program to clean their system. In reality, the attackers have tricked the user into disclosing their credit card information to pay for the fake software as well as successfully installed malware on the user's machine. One example is the well-ficker worm observed a file downloaded onto their machine. Upon running the file, the user was asked to pay to remove the" detected threat."

The Anti-Phishing Working Group recently published statistics showing that the numbers of rogue antivirus programs rose 225 percent from July 2008 to December 2008.

Rogue antivirus attacks play on the fears of Web users and are a ploy for money, when in fact the computer user has not been infected, nor do they need to install an antivirus program.

4) Sadly, Yo,u Really Can't Trust Your Friends or Your Social Network As a tweet from the Websense Security Labs recently stated, "Web threats delivered via your personal Web 2.0 social network is the new black - do not automatically trust suspicious messages from friends."

The social networking explosion has created new ways of delivering threats. Web users are so accustomed to receiving tweets with shortened URLs, video links posted to their Facebook pages and email messages purportedly from the social networking sites themselves that most people don't even hesitate to click on a link because they trust the sender.


Name: Web_Shield_alert.jpg Views: 310 Size: 47.5 KB