ReadWriteWeb

Thanks to the popularity of social networking sites like Facebook and Twitter, it's a given that malicious hackers will devise ways to exploit the sites' numerous users in order to infect their computers with malware. This unwanted software is designed to do a number of terrible things ranging from identity theft to turning computer into remote-controllable "zombie" machines.

Without sufficient anti-virus and malware protection programs installed, social networking users can easily become victims to these ever-evolving attacks. However, the best way to avoid becoming a victim yourself is to be aware of what's out there and what sorts of things you should avoid. Below are the best practices which you should use on Facebook and Twitter in order to keep yourself safe.

Microsoft is taking aim at malvertising in an effort to curb the phenomenon. The Redmond company filed five civil law suits in King County Superior Court this morning after finding that a number of online advertisers were delivering malicious code to users. In the past ReadWriteWeb has covered a number of malvertising scams including the Facebook Fan Check virus' scareware scam. As was the case with Fan Check, the 5 companies are being accused of mimicking Windows security updates and tricking users into running fake programs.

New Trend: Web 2.0-controlled malware?

Security researchers at Symantec recently uncovered a backdoor trojan whose spread is being dictated by commands hosted in Google Groups, Google's online discussion forums. The backdoor trojan, named Trojan.Grups, appears to be the first ever malware to use an online newsgroup as the "command and control" center for botnet communications. It's certainly the first time that Google Groups specifically has been compromised in this way. This new discovery points to what appears to be the latest trend in what you could call "Web 2.0 malware," that is, nasty computer programs that don't just spread in social networks, but actually use the infrastructure of the social networks themselves to do the spreading.

It's seems like every virus produces a list of capitalistic charlatans. During the Bubonic plague, thousands spent their hard earned savings on worthless talismans in the hopes of avoiding the Black Death. The song "Ring Around the Rosy" even documents the myth that a "pocket full of posies" could ward off the disease. Today's modern day talisman comes in the form of a fake anti-virus software. According to John Leyden's recent Register article, fake software is being peddled to users who believe their systems are infected with the Facebook Fan Check Virus.

When it comes to spreading malware on the web, virus writers are nothing if not creative. We've seen malware infiltrate everything from Facebook to Twitter to email to IM. Now it seems you can add another site to that list: Slideshare, the community for sharing your slideshow presentations on the web. Over the weekend, security firm ESET discovered that this popular social media resource was being used to spread malware in the form of fake slide decks. Although these initial attacks were relatively simple to detect, future variations could easily become more deceiving.

Today at the cybersecurity conference known as Black Hack, researchers Charlie Miller and Collin Mulliner will present an SMS exploit that could take over your iPhone with just one text. Once the phone is compromised, the hacker would have access to all the functions on the phone allowing them to send email, access your contacts, make phone calls, and of course, send text messages that would send the exploit to more devices.

This serious vulnerability (which apparently Apple sat on for over a month) is probably the first time that most people have heard of mobile phones being used to create botnets. However, this isn't the first sighting of a mobile phone hijacking attempt for the purpose of botnet creation - a similar exploit was discovered earlier this month. Does this mean we're on the verge of a new and dangerous trend: the creation of "zombie" phones?

Noted security guru Bruce Schneier, chief technologist at BT, has scoffed at Google's claims about its new OS, just announced yesterday. According to the Google blog post, Chrome OS represents a complete redesign of the underlying security architecture of the OS "so that users don't have to deal with viruses, malware, and security updates." A bold statement to say the least...and apparently one Schneier doesn't think too much of. "It's an idiotic claim," he says.

Looking for a good conspiracy theory today? Well here's one: Chris Almond, the administrator of a Facebook group called the Rogue Facebook Apps Early Warning Group just got kicked off the social network. Why did this happen? Did Facebook not like how he was posting details about Facebook malware, hacks, and attacks? Attacks like this recent one that exposed private Facebook profile information just by clicking on a link?

Or was Facebook simply following through on a TOS violation because Chris had accidentally sent out duplicate messages to group members, thereby getting flagged as a spammer and subsequently booted from the network?

Ever come across a Google search result that has the words 'this site can harm your computer' below a link? What about the Firefox red screen of death? If you're a Web surfer, chances are you've likely avoided clicking on this type of link. If you're the owner of the flagged site, chances are that those six simple words will set off a mental tailspin.

Launching today, Dasient, a San Jose Palo Alto start-up founded by a couple of ex-Googlers, hopes to change all that with its new Web anti-malware service. By monitoring Web sites for infected pages, providing instant diagnostics and giving site owners a two-click quarantining option within moments of a compromise, Dasient's subscription based security service (free and paid, from $50/month) aims to help businesses retain control of their Web site and remain clear of the dreaded blacklist.

Conficker, the Internet worm that caused a mild panic reminiscent of Y2K late last month, but which failed to do anything spectacular that would have warranted the breathless coverage on 60 Minutes ("The Internet is Infected"), has finally woken up. This morning the worm  started to update itself via a peer-to-peer network between infected machines after downloading its payload from a server in South Korea.