How to Avoid Malware on Facebook and Twitter: 8 Best Practices
Thanks to the popularity of social networking sites like Facebook and Twitter, it's a given that malicious hackers will devise ways to exploit the sites' numerous users in order to infect their computers with malware. This unwanted software is designed to do a number of terrible things ranging from identity theft to turning computer into remote-controllable "zombie" machines.
Without sufficient anti-virus and malware protection programs installed, social networking users can easily become victims to these ever-evolving attacks. However, the best way to avoid becoming a victim yourself is to be aware of what's out there and what sorts of things you should avoid. Below are the best practices which you should use on Facebook and Twitter in order to keep yourself safe.
The Problem with Malicious Links
One of the most common vectors for attacks are malicious links posted either to Twitter or to your Facebook wall. In the past, such as with the malware known as Kooface, the troublesome links could be easily identified because they would often use a consistent phrase followed by a URL. For example, in August, Koobface was posting links that read "my home video :)" which was followed by a URL and then a random component on the end such as "HA-HA-HA!!", "W.O.W.", "WOW", "L.O.L.", "LOL", ";)" or "OMFG!!!"
Although the end piece changed from tweet to tweet, the message itself remained the same. However, security researcher Costin Raiu of Kaspersky Lab tells us that easy-to-identify messages are not as common anymore. Today, it's much harder to identify malicious links thanks to two newer techniques being used by hackers. Below those two newer methods are described in more detail as is the tried-and-true method of spreading malware via email.
Method 1: Hijacking Twitter's Trending Topics
The first technique, which really became popular in August of this year, involves hackers creating Twitter new accounts and then posting messages related to whatever trending, or "hot," topic was being heavily discussed on Twitter at that time. This would allow the post to be aggregated in Twitter search results where unsuspecting users would click on the included link. The text accompanying the link would be intriguing to those interested in the subject, enticing them to click through.
Method 2: Hijacking Legitimate Accounts
The second technique involves infiltrating legitimate accounts through phishing attempts and other methods so that the hacker essentially has control over a "real" account. After control has been established, if on Twitter, the hacker will then tweet out links that redirect users to malware-infected sites. Because the tweets come from an account that already has an established set of followers, those reading the tweets assume it's safe and don't hesitate to click the links.
After infecting the account of a Facebook user, malware often uses that particular person's account to spread, too. As with the malicious links on Twitter, because it appears that the links posted are from a trusted friend, other users don't realize that the posted link is harmful.
On Facebook, one of the most problematic malware programs is Koobface, a particular type of malicious software that sees 20 to 30 new variations per day. Despite the number of variants out there, Koobface's M.O. is relatively consistent: it tricks people into clicking links. These links appear on social networks like Facebook and Twitter, but also on MySpace, hi5, Bebo, Friendster, and others.
Method 3: Dangerous Email
A third method to encourage social networking users to click on infected links is the old but still effective technique of sending out spoofed email. Hackers can create email messages that appear to be sent from a social networking site. The messages prompt you to "update your account" or open an attachment containing your new password among other things.
Image Credit: Last Watchdog
Image Credit: Last Watchdog
Although many users are now wary of email, these techniques are still being seen in the wild, so it's clear that to some extent they still work.
How To Stay Safe
There are a number of best practices that you should follow in order to stay safe and avoid infection. They are as follows:
- Don't assume a link is "safe" because it's from a friend: As noted above, your friend's account may be infected. You should never assume that a link is safe just because a friend tweeted it or posted it to your wall. Use your common sense. If it doesn't sound like something they would say, be wary, don't click. If you're unsure, try to contact them through another channel and see if the link is legit.
- Don't assume Twitter links are safe because Twitter is now scanning for malware: In August, Twitter partnered with Google to use Google's Safe Browsing API, a technology that checks URLs against Google's blacklist. This prevents spammers from posting malicious URLs to Twitter, but it does NOT prevent them from posting shortened URLs which direct users to those same malicious sites. It's better than no protection at all, but it's not going to keep you entirely safe.
- Don't Assume Bit.ly Links are Safe: Earlier this year, Twitter's default URL-shortening service Bit.ly, began warning users of malware. Bit.ly also uses Google's Safe Browsing API along with two other blacklists to identify malicious links. Although the service doesn't prevent users from posting these links, it will warn upon clicking that the site being linked to is infected. However, as Raiu tells us, this is not 100% effective either. Kaspersky has identified a number of malicious links which Bit.ly did not block. However, you can assume that Bit.ly is generally safer than the other URL-shortening services because it uses this technology and because the hackers are generally avoiding this service at the moment because of its built-in protection. But it is not completely safe - nothing ever is.
- Use an up-to-date web browser: Kaspersky recommends using the latest version of your web browser and keeping it up-to-date with the necessary patches. That means Internet Explorer users should be on IE8 - and since this browser is attacked the most, it's critical that you make sure it stays updated as needed. Firefox is the second most attacked browser, but fortunately, it has a self-updating feature built in. Google Chrome is also good because it has a self-updating feature as well as another security feature that runs plugins in "sandboxes," or restricted environments. If an attacker was able to exploit the browser and run malicious code, it would be isolated to this sandbox and would not able to effect the entire machine. Opera and Safari are also good browsers and should be kept current, too.
- Keep Windows up-to-date: As always, Windows users should make sure their systems are current with the latest patches from Microsoft. Automatic updates should be turned on.
- Keep Adobe Reader and Adobe Flash up-to-date: At the moment, Adobe Reader and Flash are the two most targeted programs by hackers. A lot of malware specifically goes after known vulnerabilities within Adobe's software. In addition, a common method of attack, such as that used by Koobface, is to redirect a victim to a malware-infested site where the user is prompted to update their Flash player or Adobe Reader in order to see the website content. NEVER do this. Always go to Adobe's site on your own to download the latest version or update the software on your computer using its own built-in update mechanisms.
- Don't assume you're safe because you use a Mac: While it's true that Mac users are less targeted than Windows users, they are not immune to malware, despite what those commercials may say. Although Apple did include some malware protection in their latest operating system, it only protects users from two trojans; you cannot count on it alone to protect you. There are a couple of hundred of trojans currently in the wild that specifically target Mac machines, according to Kaspersky. In fact, there may even be as many as a thousand, but researchers are unable to identify all of them because Mac users don't typically run anti-virus software which is how much of the data is collected. These days, when a user clicks an infected link, the malicious web page will now sometimes identify whether that user is coming from a Windows or Mac machine and then display the appropriate version of the trojan accordingly. A particular family of trojans known as "DNS Changer" trojans are the most common ones used to attack Mac machines. The only way to really be sure that you're protected against these malicious programs is to run anti-malware software on your Mac, but most Mac users won't do so, preferring to take their chances since their risk is lower.
- Be wary of email messages from social networks: Because email addresses can be "spoofed" by hackers, you can't assume that an email from Facebook or Twitter is really from those the site it claims to be from. As always, you should never open attachments you were not expecting to receive and you should be wary of clicking on links - especially if you're being told to "update your account." If you do click on a link and are taken to a web page that asks you to log into the site, DON'T DO IT. It would be handing over your password to the hackers. Instead, you should always access the sites directly by typing in their URL in your browser or clicking a saved link in your Favorites.
It's Not Just a Matter of Common Sense Anymore
As the above best practices show, a lot of the things you can do to protect yourself from malware are the same as they have been in the past - keep your computer and browser up-to-date, don't open attachments, etc. However, malware is trickier to identify these days thanks to social networking sites. It now uses the trusted identities of your friends in order to lull its victims into a false sense of safety. You can no longer simply assume that because someone you know posted a link, it's automatically safe. You can't even assume that the networks themselves are safe, either. They're not always scanned for malware-laden links, and when they are, such as is the case with Twitter, it's not a 100% effective method.
Security researchers are actively working on better ways to fight this problem - for example, Kaspersky just announced their "Krab Krawler" project which will help keep their blacklists current by scanning for malicious links on Twitter, but it's not a tool that end-users can download to protect themselves; it's only one of many methods that security firms use to collect data about the malware on the internet. The best way to stay safe is to follow through with all the best practices - not just one or two. Malware isn't ever going away, so everyone must do their own part in order to stay safe on the web.
Facebook
Comments
Subscribe to comments for this post OR Subscribe to comments for all ReadWriteWeb posts
facebook should protect their users.
Awesome Post. People should be aware of these problems with social networking.
Jim
I cosidered your comment in the Bases of the How to Avoid Malware on Facebook and Twitter: 8 Best Practices its really nice information which you provide in this commenting site.
http://www.goarticles.com/cgi-bin/showa.cgi?C=1989925
Good post, informative. Any recommendations on anti-virus software for Mac?
Excellent post! I believe that most anyone that uses these social media sites would benefit from reading this informative article.
"Couple of hundred"? What are those Mac Malwares? This is PURE FUD. Nice try though Microsoft shill. Keep pushing the BS, we're not buying it.
Wow, this is a good blog post. I run a scam site and get a ton of messages a day from people that have fallen victim to a Facebook, Twitter, or Myspace scam. I have personally seen scams where they actually ask me to to send them money (from what looks like a friend) however, there account has been infected, and I know it is just a scam.
I think the best rule to follow when on these sites is, if you don't believe it either call or contact your friend by phone or email. Watch out there is a lot of fraud that goes on online.
http://www.report-online-scams.com
@Garen good call on that. It never hurts to double check with a friend.
Great post RWW
To avoid phishing, key loggers and most types of attempts to hijacking your online account, try out 0pass.com
Coincidental that Kaspersky just launched their Mac AV product two weeks ago?
http://www.kaspersky.com/news?id=207575937
Nothing like FUD (that was republished in the New York Times) to get a product sale.
To be clear, to those calling FUD, during the interview I asked the question as to whether Mac users were at all affected by any of this Twitter/FB malware - Raiu did not bring it up on his as some sort of pitch for his company's products. I also prompted him to reveal the numbers of Mac trojans in the wild - I was curious as to how widespread (or more likely not) malware was in the Mac community at the present time.
What is interesting is that as the Mac user base increases, there is more Mac malware created too. In the past, hackers wouldn't have bothered writing two versions of their malware - one for Windows, one for Mac - as they do now in some instances.
We also discussed the Mac botnets the firm has seen, although that was not mentioned in the article.
It's always fair to debate whether there is less malware for Mac because the OS is inherently more secure, as Apple claims, or because it has a lower install base. That's a touchy subject with experts weighing in on both sides. However, this article was not meant to push any agenda, just to point out that no matter how secure you feel, nothing is 100% - you should always be cautious, Mac user or not.
Re the FUD - interesting then that, after searching Kaspersky's own virus database, I can find only one malware dated later than Nov 2007, and the vast majority of the items they list, 85 only in total, were pre 2006, and relate to the older, non BSD unix origined, Mac OS 7-9 platform. Only three of the items had any decent description or identification info, and only one of those related to the modern Mac OS X platform. In fact, searching for malware with ".osx." in the item name, as per the naming convention, delivered only 9 results.
I understand that in the interest of providing a balanced posting and being able to address both Win and Mac platforms, you asked the questions, not intending to drive and FUD based agenda.
However, the info obtained in your research, and in particular the comments attributed to the Kaspersky researcher, are definitely pedalling FUD, and bear no resemblance to the reality of using the Mac OS X platform.
I think the amount of trojans and malware infectors for MAC OSX is speculative at best; but the point should not be lost that no one really knows because most MAC users don't load any kind of AV/Malware scanner that would report the data.
The danger is in assuming that because you are on a MAC, that you haven't picked up a keylogger, DNS redirector or other spyware that is collecting and sending data somewhere unintended. Until a mass infector hits the MAC, there won't be enough 'noise' to cause alarm. Most of what is being seen these days is not that disruptive to the user's OS, it's stealthy and steals passwords and account information. It's not until the information is used that MAC users will realize they might be infected; and then only if they bother to think that their computer was the source of the information, and not some other phishing scam.