Fortinet sounds the alarm on social media-driven malware

Fortinet predicts a spike in malware proliferation via social media networks. The leading provider of high-performance network security has revealed that deceptive links being shared via social media networks are increasingly the weapon of choice in the spread of malicious software (malware) between users.

“Malware is getting more sophisticated by the day, with the ability to spread at exponentially faster rates compared to more traditional file sharing or email based transmission methods. As a result, it is almost impossible for users to be 100% protected. However, by practicing safe surfing and a lot of common sense, one can greatly reduce the chances of getting infected,” says Alain Penel, Regional Vice President – Middle East, Fortinet.

He explained that attacks triggered by clicking on legitimate-looking links frequently result in the installation of malware that can force one’s computer to join a larger cluster of infected computers known as a botnet. “Botnets are used to carry out a variety of mild to destructive behaviors on the internet, most recently to manufacture online buzz for dubious companies or individuals through bot-driven social media posting, in an activity known as ‘like farming’,” added Penel.

Today, hackers use a number of deceptive techniques to trick users into letting malware onto their computers. These include sending out messages about popular topics to get more views; making downloads appear to come from legitimate sources, such as fake updates for Flash; disabling the computer’s antivirus and sending the end user to compromised websites; and adding malicious browser extensions that can hijack the user’s social media accounts.

Once a user’s computer is infected, the user’s credentials are the most commonly attacked items. Password theft makes the news frequently, as with the recent attack by the Pony Botnet, which resulted in the theft of two million credentials for sites such as Facebook, LinkedIn, and Twitter. Having a password stolen can be risky, especially for anyone who uses the same password in multiple places, such as online shopping sites or even work computers.

How to Practice Safe Surfing
Always Use (Unique) Protection 
Having secure passwords goes beyond the regular precautions of mixing letters, numbers, and special characters. The most important thing is to have every password be unique to the account it is associated with.

This way, having one account breached won’t cause all your other accounts to be vulnerable. A good way to secure your password is to use a password manager. Password managers not only securely store your passwords but can also create new ones that are difficult to guess.

Also be sure that you have secure secret questions that you will remember but that cannot be easily guessed by casual acquaintances. For extra security, memorize incorrect answers to common security questions.

Once you have set a secure password, you should change it often and never share it. If for some reason you have to share your password, do not send this information across a network, and change it as soon as possible.

Virus Detection
All computers need to have anti-virus and anti-malware programs installed and kept updated. It is also recommended to scan your computer on a regular basis, especially if you often download files from the Internet.

Think before You Click
If you see a friend post something that seems unusual for them, don’t click it! Instead, check with them to see if it’s legitimate. Be especially careful about links from high profile accounts, such as celebrities, since they make great malware targets. You should also avoid clicking links in generic posts, like “hey, check this out!”

You should also keep an eye on URLs, to make sure they match where you’re supposed to be. Watch out for malicious websites that will put a familiar name within their URL to fool you into thinking it’s affiliated with that site. If a link uses a short URL, hover over it with your mouse to see the address in full before clicking it. Finally, if you ever see an ad for a deal that seems too good to be true, it probably is.
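The URL check described above can be automated. The sketch below is an added example, not Fortinet's code: it flags links that carry a familiar name in the host part of the URL while actually being served from an unrelated domain, and marks short URLs for expansion. The brand list, shortener list and suffix list are assumptions made for the demonstration.

```python
from urllib.parse import urlsplit

# Constructed watch list: brand name -> domains that brand really uses.
BRAND_DOMAINS = {
    "facebook": {"facebook.com", "fb.com"},
    "linkedin": {"linkedin.com"},
    "twitter": {"twitter.com"},
}
# Assumption: a few well-known link shorteners; the destination is hidden.
SHORTENERS = {"bit.ly", "t.co", "goo.gl", "tinyurl.com"}
# Assumption: tiny stand-in for the Public Suffix List, enough for this demo.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}


def registrable_domain(host):
    """Return the part of the host name that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_link(url):
    """Classify a link as ok / shortened / suspicious / unknown / invalid."""
    parts = urlsplit(url)
    if not parts.hostname:
        return ("invalid", "")
    domain = registrable_domain(parts.hostname)
    if domain in SHORTENERS:
        return ("shortened", domain)  # expand it before trusting it
    if any(domain in real for real in BRAND_DOMAINS.values()):
        return ("ok", domain)
    # Look only at the authority part (userinfo + host): a brand name there,
    # on a domain the brand does not own, is the trick described above.
    authority = parts.netloc.lower()
    if any(brand in authority for brand in BRAND_DOMAINS):
        return ("suspicious", domain)
    return ("unknown", domain)


if __name__ == "__main__":
    for sample in (  # constructed sample links
        "https://www.facebook.com/login",
        "http://facebook.com.account-verify.example/login",
        "https://facebook.com@login.example.net/",
        "https://bit.ly/abc123",
    ):
        print(sample, "->", check_link(sample))
```

The domain returned alongside each verdict is the one that really controls the page, which is the part of the address worth reading before clicking.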

Pass Information, Not Infection
Protect yourself by protecting your friends, who are the ones most likely to put you at risk of getting your computer infected. Make sure they know what social malware is and what they can do to prevent it (perhaps by passing this paper along to them).

If you ever have reason to believe that one of your contacts has had their account compromised, let them know immediately and make sure they know what to do to regain control of their account.
