Spammers exploit social networking sites

November 07, 2009 07:15 pm | Updated December 17, 2016 05:14 am IST - CHENNAI

Youngsters browsing social networking site Facebook in Chennai. With social networking sites attracting millions every month, the risk of virus attacks, account hijacks and spam mounts. File Photo: M. Vedhan

Youngsters browsing social networking site Facebook in Chennai. With social networking sites attracting millions every month, the risk of virus attacks, account hijacks and spam mounts. File Photo: M. Vedhan

With social networking sites attracting millions every month, the risk of virus attacks, account hijacks and spam mounts.

Several instances of hackers exploiting these networks have exposed flaws in the system. In April this year, Michael Mookey, a 17-year-old student from New York, created a virus that sent automated tweets in thousands through a cross-site scripting vulnerability. Twitter acknowledged the attack but insisted that no user-sensitive data was lost. Apparently, Mookey only meant to popularise his site, stalkdaily. In August, Twitter was shut down for a few hours when created a worm that caused its servers to crash. The same morning, Facebook confirmed that there was a similar attack but said it affected only a part of the network.

The technical term for this is Distributed Denial of Service (DDoS) attack. It is caused by infected computers, which are controlled by malicious parties who direct these systems to attack a particular site by sending tonnes of requests. This tends to paralyse networks and real-users of the network experience slow downloads and timeouts. In rare cases, it shuts down the site temporarily, says Rajasekar Raju, Director, Social Media Marketing, Impigertech Technologies.

In February 2008, Symantec Corp, a security company, noticed that hackers were exploiting a flaw in the Internet Explorer plug-in used on MySpace. Users would get spam mail that led to a fake log in page, and if the user logged in, the username and password would be stolen.

According to a recent report, social networking sites topped the list when it came to phishing attacks. The biggest advantage these sites offer to spammers is that they provide users with a variety of customisation options and third-party applications. Users can customise details in their profile, include links to other sites, upload images and videos, and even embed code into their profile page. The problem is that hackers can do all of these things, turning these features into potential attack vectors, says Ratnamala Dam Manna, Director, Security Technology and Response, Symantec.

Social networking sites are vulnerable to attacks because their ‘openness’ encourages users to share information, Ms. Dam Manna says. What does one do then? Updating security solutions is the first and most important line of defence. Operating systems, applications and other software components should be patched with the latest security updates.

With millions connected to such social media sites as Facebook, Myspace and Twitter, it poses a severe risk to the personal details of users. The users must not share log-in information and must change the passwords regularly. More importantly, their social networking log-in credentials must be different from their banking log-in information.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in

Comments

Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.