Spammers Attacks on Facebook Intensified in Last Few Months
Max Kelly, Chief Security Officer, Facebook, said in Infosecurity Europe Conference in London (April 22-24, 2008), that attacks on Facebook in the last few months emerged as a serious issue, as reported by ZDnet on April 22, 2008.
Security officials of Facebook realized the gravity of situation emerging by increased threats in January 2008. They classified the threats as those usually faced by other large networks. The hack attacks comprise both specific and non-specific threats in which edge-of-network incursion attempts and exploitation of application vulnerability form non-specific threats while phishing attacks targeted at users structured as e-mails claiming to be from Facebook include in specific threats.
Kelly added that undoubtedly, Facebook became a potential target for spammers and stealing of data is a serious issue. Though most of the times hackers' efforts to capture data go vain, yet people carry on their trials. Moreover, SQL injection and CSS attacks are not unknown to Facebook.
Citing a recent example of attack, Kelly said that the site system found an obscure hacker who was using features in automated fashion. Actually, the motive of hacker was to delete users' e-mail addresses from the system and therefore, the attempt could be termed as prelude to phishing and spam attack.
Martyn Croft, Head of Corporate Systems, Salvation Army, said that the problems arising from use of social networking sites by corporate world (including malware infection and reduction in productivity) are "very real", as reported by Itweek on April 22,2008.
Martyn further added that social engineering is a gold mine for attackers as it gives access to valuable information and spread malware. But for the company, establishing brand value is very critical otherwise it will loose revenue.
Additionally, social engineering sites are gradually turning out to be home for malicious Java script. It is an easy, effective way to make enterprises victims, as it is built for a purpose. Protection against malicious Java script to enterprises is also very difficult.
Hence, security researchers are warning users against social networking sites because they deliberately deploy minimum security, creating serious security issues. In the end, it's the users who get affected not these sites.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 28-04-2008