June 08, 2009, 11:04 AM — Websense CTO Dan Hubbard outlines four ways companies can protect their information from threats and compromise on the social Web.
1) Most Web Posts on Blogs and Forums are Actually Unwanted Content (Spam and Malware) As more and more people interact with each other on sites allowing user-generated content, such as blogs, forums and chat rooms, spammers and cybercriminals have taken note and abuse this ability to spread spam, post links back to their wares and direct users to malicious sites. Websense research shows that 85 percent of all Web posts on blogs and forums are unwanted content - spam and malware - and five percent are actually malware, fraud and phishing attacks. An average active blog gets between 8,000 and 10,000 links posted per month; so users must be wary of clicking on links in these sites.
Additionally, just because a site is reputable, doesn't mean its safe. Blogs and message boards belonging to Sony Pictures, Digg, Google, YouTube and Washington State University have all hosted malicious comment spam recently, and My.BarackObama.com was infected with malicious comment spam. More on CIO.com Web 2.0 Definition and Solutions Can Social Networking Be Secure at Work? How to Use Social Networking Safely: Tips From Security Pros
2) The Top Search Results from Google are Safe, Right? Search engine poisoning is growing in popularity and used by cybercriminals to boost links to Web sites with malicious code or spam, up in the search rankings. Many users assume that the top results are "safe" but really they are directed to infected Web sites. For example in March, basketball fans who typed "March Madness" into their Google search bar and clicked on many of the top ranking links were actually led to Web sites infected with "rogue antivirus" software (see number 3).
3) You're Really NOT Infected; Be Careful Before You Download That In the past year Cybercriminals have increasingly used what's known as "rogue antivirus" to get information like credit card numbers and other private information from Web users. Typically, rogue antivirus authors use search engine poisoning to drive traffic to sites they own or have infected (as noted above). Often they post links on blogs and forums that link back to a malicious site under their control. When a user visits these Web sites, a window pops up warning them that their computer has been infected with malware. The user is prompted to pay money and download an "antivirus" software program to clean their system. In reality, the attackers have tricked the user into disclosing their credit card information to pay for the fake software as well as successfully installed malware on the user's machine. One example is the well-publicized Conficker worm that infected millions of computers around the world. Some users with the Conficker worm observed a file downloaded onto their machine. Upon running the file, the user was asked to pay $49.95 to remove the "detected threat."
The Anti-Phishing Working Group recently published some interesting statistics showing that the numbers of rogue antivirus programs rose 225 percent from July 2008 to December 2008, more than tripling the number of detected rogue programs from its July level.
Rogue antivirus attacks play on the fears of Web users and are a ploy for money, when in fact the computer user has not been infected, nor do they need to install an antivirus program.
4) Sadly, You Really Can't Trust Your Friends or Your Social Network As a tweet from the Websense Security Labs recently stated, "Web threats delivered via your personal Web 2.0 social network is the new black - do not automatically trust suspicious messages from friends." The social networking explosion has created new ways of delivering threats. Web users are so accustomed to receiving tweets with shortened URLs, video links posted to their Facebook pages and email messages purportedly from the social networking sites themselves that most people don't even hesitate to click on a link because they trust the sender.
The unfortunate reality is that criminals are taking advantage of that trust to disseminate malware and links to infected Web sites. Websense Security Labs recently found examples of e-mails sent from what appeared to be Facebook, but were really from criminals that encouraged users to click on a link to a "video" that was actually a page infected with malware.
Dan Hubbard is chief technology officer for Websense. He leads the global Websense Security Labs team that researches and analyzes emerging Internet security threats and trends. Hubbard graduated with a BSc in information and decision systems from Capilano College in Vancouver, Canada.
Follow everything from CIO.com on Twitter @CIOonline
