With social networking sites attracting millions every month, the risk of virus attacks, account hijacks and spam mounts.
Several instances of hackers exploiting these networks have exposed flaws in the system. In April this year, Michael Mookey, a 17-year-old student from New York, created a virus that sent thousands of automated tweets through a cross-site scripting vulnerability. Twitter acknowledged the attack but insisted that no user-sensitive data was lost. Apparently, Mookey only meant to popularise his site, stalkdaily. In August, Twitter was shut down for a few hours when created a worm that caused its servers to crash. The same morning, Facebook confirmed that there was a similar attack but said it affected only a part of the network.
The technical term for this is a Distributed Denial of Service (DDoS) attack. It is caused by infected computers, which are controlled by malicious parties who direct these systems to attack a particular site by sending tonnes of requests. This tends to paralyse networks, and real users of the network experience slow downloads and timeouts. In rare cases, it shuts down the site temporarily, says Rajasekar Raju, Director, Social Media Marketing, Impigertech Technologies.
In February 2008, Symantec Corp, a security company, noticed that hackers were exploiting a flaw in the Internet Explorer plug-in used on MySpace. Users would get spam mail that led to a fake log-in page, and if the user logged in, the username and password would be stolen.
According to a recent report, social networking sites topped the list when it came to phishing attacks. The biggest advantage these sites offer to spammers is that they provide users with a variety of customisation options and third-party applications. Users can customise details in their profile, include links to other sites, upload images and videos, and even embed code into their profile page. The problem is that hackers can do all of these things, turning these features into potential attack vectors, says Ratnamala Dam Manna, Director, Security Technology and Response, Symantec.
Social networking sites are vulnerable to attacks because their ‘openness’ encourages users to share information, Ms. Dam Manna says. What does one do then? Updating security solutions is the first and most important line of defence. Operating systems, applications and other software components should be patched with the latest security updates.
With millions connected to social media sites such as Facebook, MySpace and Twitter, the risk to users' personal details is severe. Users must not share log-in information and must change their passwords regularly. More importantly, their social networking log-in credentials must be different from their banking log-in information.