This story is about social media threats and targeted attacks. As an introduction: there are a lot of predictions that in about a year the amount of classical malware, such as email spam messages and file infectors, will start rapidly decreasing.
Targeting New Platforms
The reason is that it’s quite hard to write a classical virus, and it’s also quite unproductive to send millions and millions of email spam messages hoping that somebody will read them and purchase the product you are selling or visit the website you have.
Virus writers have noticed that it is a lot easier to take advantage of the new communication platforms than to work hours and hours developing new viruses and competing with all the security companies out there.
Why not develop applications for either mobile platforms or for social networks that will incite users to install them and to actually infect themselves? For example, as you are reading this, another tab of your browser is probably open on Facebook. You have friends on Facebook, you are encouraged to pop into conversation, you are encouraged to talk to as many people as possible.
There are a lot of applications out there, too. Some of them are really useful, some are just of the “I wanna try” kind, and there are several games nice enough that anyone would play them.
You’ve probably noticed that there are several applications that will tell you how many people visited your profile. The bad news is that those kinds of applications do not exist: it’s impossible right now in Facebook to have applications that will tell you how many times your profile was visited. These applications, once you install them, will not only send directed messages to your friends but will also send information extracted from your profile to their creators, confidential information like name, email address, phone and so on.
This information, which initially wasn’t available to spammers or virus writers, can be used to create targeted attacks. For example, all of us remember the Nigerian scams: they were saying that somebody in Nigeria, who is dying and who is an old relative of yours, wants to extract money from his country and send it to your country. What happens if the email that you receive doesn’t start with “Dear email address,” but with “Dear” and your name? And what if the last name of the relative is actually your last name? What happens then? Don’t you start actually asking yourself: “Hey, maybe I do have a distant relative there?”
The Next Way of Malware Spreading is Context
You don’t have to be extremely smart to write a nice malware application; you just have to enter social media, and then it’s all about being in the same context as your victims. If two people are having a conversation and you come in with something totally out of context, you’ll get ignored. If people are talking about weight loss products and you yell about shipping, you’ll get ignored. But if you pop into the conversation with something in the same context, people will say: “Oh, this is interesting, this is something I’m interested in!”
This is what happens on Twitter now. There are plenty of bots scanning for the trending topics, and once you start tweeting about something that you are interested in and something that you wish for, you can get a tweet back telling you: “If you are interested in this you can go to this web site and purchase it from there,” which is exactly the perfect tool marketers always used to have to see what their clients would wish for. And spammers are doing the exact same thing: they are seeing what you wish for and they are giving it to you.
The same thing happens on smartphones. When you buy a smartphone, you don’t actually buy it just for talking – you can buy absolutely any other phone for just talking. When you buy a smartphone, you buy it for the ability to have several applications, good applications that will actually serve several of your needs, like reminding you about a friend’s birthday or synchronizing information between phone and PC and so on.
Writing applications is open to a lot of developers, but not all developers are good. When you install an application, the first thing you will be asked is to allow permissions. You’ll allow the application to access your SMS files, your emails, your addresses and so on. And an application asking for permissions is similar to asking the user to read an end user license agreement – nobody actually does it, you’ll just accept everything to move on to the next step.
And so you’ll have games that require permission to call people or to send texts. The problem is that they can either text or call premium rate numbers, which will lead to you losing money, or they can just take your confidential information from your phone and send it to somebody else. By installing an application and not paying attention to what exactly you are doing, you are giving away your personal information, which can later lead to money loss and identity theft.
Alex Lamman is a 25-year-old software engineer, snowboarder and just a loving father from Germany. He is an Internet security addict and helps to run the Privacy PC website.