Social Media Sites Risk Growing Threats and Attacks

Exploring Social Media article series badgeAccording to Investor’s Business Daily, evil is sweeping social networks, moving beyond email and blogs to where you like to virtually hang out and congregate:

Security experts last week warned that a new strain of the Koobface virus is hitting Facebook, MySpace and other social networking sites. It looks for links and passwords to other social networking sites.

Social networking site owners work actively to put a lid on nefarious activity. On Tuesday, a federal judge in northern California issued a temporary restraining order against three people accused of widespread spamming and phishing attacks on Facebook. It comes three months after Facebook won a suit that prevents another group of spammers from using or accessing Facebook data and applications.

Virus creators are increasingly targeting social networking sites and other Web 2.0 technologies such as the micro-blogging site Twitter and instant messaging services from Google, AOL and others. Virus writers are also creating fake profiles of celebrities, real friends or business associates hoping people will link with them. Users can be tricked into linking to the fake profile, which can be loaded with various forms of malicious software.

The article by Brian Deagon showcased Facebook users who responded to an email from a “friend on Facebook” to visit a link that initiated a program that “rifled through his hard drive, installed malicious software and sent the same e-mail to all of Daradics’ friends on his Facebook profile.” [Read more…]

Security and Hacking: The State of WordPress Blogs

WordPress SecurityLast year, there was a lot of noise about WordPress being especially vulnerable to attacks and hacks. Not all of those reported hacks and wild fire assuptions about WordPress security were true.

In “SecurityFocus SQL Injection Bogus,” talked about one false report:

Online, apparently, it’s fine for someone to run into a crowded theatre and yell “fire” and the less basis there is in fact the more people link to them. It’s not uncommon to see crying-wolf reports like the above several times in a week, and a big part of what the WP security team is sifting through things to see what’s valid or not.

…All that said, there is a wave of attacks going around targeting old WordPress blogs, particularly those on the 2.1 or 2.2 branch. They’re exploiting problems that have been fixed for a year or more. This typically manifests itself through hidden spam being put on your site, either in the post or in a directory, and people notice when they get dropped from Google. (Google will drop your site if it contains links they consider spammy, you’ll remember this is one of the main reasons I came out against sponsored themes.)

“Sponsored” WordPress Themes were banned from the official WordPress Theme Directory due to inclusion of ads, spam, and malicious links in Themes offered for free, with a hidden price. WordPress Theme scams continue and WordPress users are warned repeatedly to be cautious about downloading and using WordPress Themes without careful inspection and testing.

In the last issue of this series on “Cyber Attacks on the Rise in 2009,” I covered the current spread of the Downadup Worm Infection that uses websites to spread its evil, impacting more than 3.5 million sites worldwide. Such attacks are becoming more rare, but hackers targeting blogs are growing in numbers and resourcefulness. We must be on our guard to protect our blogs more this year than ever before. [Read more…]