Social Networking Sites Needs To Have Security Tightened To Minimize Increasing Attacks From Cyber C

By Author: EC-COUNCIL
Total Articles: 68
Comment this article

Social websites have become the new breeding ground for malwares. The first is a Trojan called Asprox.N, delivered via email informing users their Facebook account is being used to distribute spam and that, for security reasons, the login credentials have been changed.
The email includes a fake Word document attachment, and upon opening the attachment, this file is really a Trojan that downloads another file designed to open all available ports, connecting to mail service providers in an attempt to spam as many users as possible. The second malware strain, Lolbot.Q, is distributed across instant messaging applications such as AIM or Yahoo!, with a message displaying a malicious link. Clicking the link downloads a worm designed to hijack Facebook accounts, blocking users' access while informing that the account has been suspended.

To "reactivate" their account, users are asked to complete a questionnaire, and after several questions, users are asked to subscribe and enter their cell phone number, which is in turn charged a fee of $11.60 per week. Victims can restore access to their Facebook account only once they ...
... subscribe to the service and receive a new password.
However a recent study indicates that users of social networking websites potentially put themselves at risks to hackers and identify thieves because they engage in risky behavior. According to research done by the National Cyber Security Alliance (NCSA) and software firm Computer Associates, 74 percent of user divulge personal information, including email addresses and birthdays. Some users even download unknown files; respond to unsolicited emails or instant messages, all of which may lead to identity theft or virus attacks. Adults who use social networking sites may be putting themselves and their businesses at risk as well the report suggests. Of those who have access to a computer at work, 46 percent engage in social networking at the office, potentially making the workplace vulnerable to online security threats.
What’s more disturbing, security company Panda Labs has discovered an online service that promises to hack into Facebook accounts for $100. They claim they will provide "clients" with login and password information to access any account on the social network. In the case of celebrities or other well-known entities, they can be used to defame the account holder, spread information in their name, etc. In any event, this is criminal activity.
"The service’s real purpose may be hacking Facebook accounts as they say, or profiting from those that want to try the service," says PandaLabs Technical Director Luis Corrons. "In any case, the Web page is very well designed. It is easy to contract the service and become either the victim of an online fraud, or a cyber-criminal and accomplice in identity theft. Once an intruder hacks into a Facebook account, all personal data published on the site can be stolen."
In order to stay safe and protect users from getting hacked, the popular social networking site Facebook is rolling out a new set of security features. Facebook, with over 500-million members, has added the ability for users to login and surf the site using a more secure encrypted connection, known as HTTPS. The encryption is the same used on shopping and banking websites to secure connections, and was previously used on Facebook when passwords are checked. It keeps malicious users from spying on your account and seeing your password, among other things. The new security option is available for some users now, but will be rolled out to everyone over the next few weeks, Facebook says. But to get the extra shield, users have to go into settings and turn it on.
These report findings clearly points out that data breaches are very common these days. One way to mitigate Internet security risks is through technical security training. EC-Council’s brand new TakeDownCon is a technical information security conference series, in addition to learning from some of the best security experts, TakeDownCon also offers highly sought after technical training courses, including the Certified Ethical Hacker (CEH) course, often touted as the world’s most comprehensive ethical hacking training program.
The CEH Program certifies individuals in the specific network security discipline of Ethical Hacking from a vendor-neutral perspective. The Certified Ethical Hacker certification will fortify the application knowledge of security officers, auditors, security professionals, site administrators, and anyone who is concerned about the integrity of the network infrastructure. A Certified Ethical Hacker is a skilled professional who understands and knows how to look for the weaknesses and vulnerabilities in target systems and uses the same knowledge and tools as a malicious hacker.
ABOUT EC-COUNCIL:
EC-Council is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous ethical hacking training, the Certified Ethical Hacker (CEH) course, Computer Hacking Forensics Investigator (CHFI) program, License Penetration Tester (LPT) program and various other technical security training programs offered in over 84 countries around the globe. TakeDownCon Dallas 2011, is one of the conferences of EC-Council’s Take Down information security conference series.