Fake Buddy Requests Endanger Office Computers
Protect Education & Corporate PCs
A disturbing trend threatens the security of computers in small organizations like schools, libraries and businesses. Users of social networking sites (such as Myspace, FaceBook and Friendster) are receiving buddy or friend requests from the profiles of fictitious people, or people whose identity has been stolen.
According to “MessageLabs Intelligence: 2008 Annual Security Report,” the rogue profiles are concocted by hackers seeking to propagate spam, spread viruses or steal private information. “The buddy requests appeare genuine as they originate from the real social networking site and consequently their headers [are] intact and correct.” Further, says the Report, the e-mail address associated with the fake profiles are real, though they were created automatically by software that enables the hacker to create many outlaw e-mail accounts automatically, with little effort on the part of the hacker.
A fake profile may purport to belong to a celebrity, a real friend or even a reputable business person.
The goal of these deceptive buddy requests is to trick the victim into clicking on something unwittingly. The click may deliver spam to the victim, steal personal information or slip malware (like a virus) onto the victim’s personal computer. If the victim is operating from a network at an office or a school, the malware might infect not only the victim’s laptop, but other PCs on the network as well.
Hackers seek personal information about victims so that (among other things) they can manipulate the victims (“phishing them”) into trusting the hackers and disclosing passwords or downloading malware like botnet software. (A botnet is a robotized army of infected computers that does the hacker’s evil bidding.)
Social networks are exploding in popularity. But they are relatively new computing environments, constantly adding new functionality. As “Web 2.0,” they emphasize interaction among users and the sharing of multimedia content like video.
All this makes the social nets fertile ground for hackers and scammers. According to the MessageLabs Report, Web 2.0 “toolkits” now empower hackers easily to create boobytraps that look like appealing media but actually deliver something unexpected and sinister to the victim’s machine.
These dangers can motivate businesses and libraries to block, restrict or at least closely monitor social sites visited from their computers. The Maryland General Assembly, for instance, has blocked Facebook and Myspace from its computers.
At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.