Social networking malware: Protect yourself

As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks, accoring to a a new report by MessageLabs.

While spamming via e-mail services remains prevalent, "spammers see social networks as the new horizon," says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a website that says "Are you a human?"

Luckily, if you're wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

As social networking tools change the way we communicate, spammers have begun turning their attention to services such as Facebook and MySpace, tricking users into installing viruses, launching fraudulent websites and deploying malware throughout their computers and networks, accoring to a a new report by MessageLabs.

While spamming via e-mail services remains prevalent, "spammers see social networks as the new horizon," says Matt Sergeant, senior anti-spam technologist at MessageLabs. Spammers have managed to set up phony social networking accounts, according to MessageLabs, by breaking the protections set in place by a safeguard known as CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), the letters you normally have to type in when you register for a website that says "Are you a human?"

Luckily, if you're wading in the social networking pool, you can revisit some core security principles in order to protect yourself from spammers and other characters on Facebook who can ruin your computer or identity, Sergeant says.

1. Re-do your password: It's probably not strong enough

Some cyber criminals have become remarkably good at obtaining social networking passwords through phishing schemes. Sergeant cites the case of a spammer in Canada who lured Facebook users into offering up their personal information to sign up for products offered by a fake company selling "male enhancement drugs."

In a lawsuit, which Facebook won for an amount just shy of $900 million, the social network alleged that the spammer sent out four million spam messages from accounts in which he had obtained the passwords.

Sergeant says not only should users be wary of phishing schemes, but also of the fact that research indicates spammers are able to guess passwords. He suggests beefing up your password with unpredictable letters, phrases and numbers. At CIO, we recommend checking out this helpful password how-to from our sister site, csoonline.com.

2. Watch those third-party applications

Facebook has built an ecosystem of third party applications, from games to widgets. But some apps have been shown to be completely fraudulent. Applications have been created to install malware on your computer and access your personal information (a right that third-party apps typically reserve to do on Facebook).

While Facebook does a good job of policing the site and dealing with app problems once they learn of them, the ecosystem is so big that it's hard to stop poor players, Sergeant says. So users must be educated and cautious about installing apps. In general, Sergeant says, watch for apps that bait you with learning a piece of information by clicking on a button (since this generally will initiate an install).

These apps tend to pander to basic human curiosities. A common example: "Jane has written some personal information about you! Click here to find how what she said!"

Remember that when you click to install an app like that, it not only puts your computer and network at risk, but also potentially sends the same invite out to everyone on your friend list.