US Government’s Support May Make Social Media Sites Vulnerable to Malware Attacks

While the Obama government's support for social media is a welcome step, security specialists state that it is simultaneously important that the government takes more steps to educate people about the dangers of cyber-attacks like the recent one which brought down Twitter, the messaging website.

Tom Kellermann, Core Security Technologies' Vice President of Security Awareness and Former Senior Specialist on data risk management for the treasury security squad of the World Bank, states that by backing the social media, the Obama administration could make the public falsely think that it is secured, as reported by NEXTGOV on August 7, 2009.

Kellermann further said - people have great faith in the president as well as his administration's missives which could prompt them to click on web-links that could lead to system corruption.

Security experts warn that cyber criminals are increasingly exploiting personal information shared on social-networking websites like MySpace or Facebook for capturing bank account credentials.

Community-oriented websites like Twitter, Facebook, LinkedIn and YouTube where users generate content have substituted electronic mails and the Internet's shady corners as the chosen medium for phishing users off their private data, hitting them with mass junk e-mails or infecting their computers with malicious code.

Meanwhile, Moscow-based antivirus vendor 'Kaspersky Labs' reported that the total number of malware items propagating via social networks increased from 10,000 to over 25,000 during 2007-2008. In 2009 alone, analysts anticipate that there will be over 100,000 malicious files.

Social media websites could be targets of spear phishers i.e. hackers who attack specific individuals with e-mails posing as communications sent from authorized people or organizations, hoping that recipients would follow given links and reveal financial information or download malware. Additionally, spear phishing attacks might be intended to perform SQL injections that attack a website's database by exploiting an unprotected code for the execution of unauthorized directives.

According to a provider of enterprise brand security 'MarkMonitor,' phishing attacks against social-networking websites rose 241% from Q1-2008 to Q1-2009. Experts therefore suggest that these websites should take measures like URL scanning to prevent malware from disseminating and improved code designing for stopping vulnerabilities.

Related article: US Passes Baton to Asia in Spam Relay

» SPAMfighter News - 8/31/2009