Forgot your password?
typodupeerror

Social Networks Attract Malware Authors 76

Posted by kdawson
from the where-the-eyeballs-are dept.
Looks like the Zanga attack on MySpace last summer was a bellwether. Tiny Tuba writes, "Parents and social network users have one more thing to worry about. According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more." From the article: "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."
This discussion has been archived. No new comments can be posted.

Social Networks Attract Malware Authors

Comments Filter:
  • by BeeBeard (999187) on Tuesday October 03, 2006 @04:03PM (#16296731)
    *downloads your bank account information*
  • Zanga? (Score:3, Informative)

    by Hangin10 (704729) on Tuesday October 03, 2006 @04:03PM (#16296739)
    That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.
    • That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.

      The word you're looking for is malwareorist.
    • It's a good place for them too, they get their fill of stupid people without worrying about wasting time with those of us who know better, and those of us who know better don't have to waste time dealing with malwareorists... it's a win-win-win (stupid people ALWAYS win, what with their blissful ignorance and all)
  • You're joking right? I can hardly believe...
  • by Bloke down the pub (861787) on Tuesday October 03, 2006 @04:05PM (#16296771)
    "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."

    Huge clueless crowds gawping at $deity-knows-what and not paying attention.

    Film at 11.
  • Well gosh. (Score:2, Insightful)

    by AltGrendel (175092)
    How suprising

    ...bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

    Come on, we all knew it was a matter of time.

    • by Korin43 (881732)
      As if it's even necessary.. MySpace crashes my computer without help..
    • Really, if we all thought about it, my only thought was, "they weren't already?". What with all the browser-crashing abilities that site has.
  • normal? (Score:5, Funny)

    by User 956 (568564) on Tuesday October 03, 2006 @04:06PM (#16296793) Homepage
    According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

    What, you mean that's not what normally passes for content on MySpace?
  • This is going to make the general population more aware of 'internet sanitation'. Its going to enter the public consciousness that there are some nasty things out there. People probably won't learn that using IE is like picking up a dirty syringe that washed up on the beach, but they may be a little more careful about what they click.

    Expect snakeoil anti-malware companies to flourish as well.
    • Re: (Score:3, Funny)

      by grub (11606)

      This will open up the way for Norton MySpace Security Only $29.95 a year!
      • by alx5000 (896642)
        If it will remove every myspace reference on Slashdot and everywhere else, I'm buying 8. At last I am becoming a crafty consumer...
    • Re: (Score:3, Insightful)

      by joe 155 (937621)
      I disagree with your first point, but agree fully about people selling crap anti-malware (why buy it? linux is free).

      If all the other 0day attacks that have existed and the old classics which still rumble on aren't enought to make people care nothing will, not even myspace. Someone who lives in my building has a worm which could easily be stopped if they updated XP (It keeps trying to probe my linux box and registers as "microsoft-ds" on port 445, if you're wondering), but some people will just never ca

      • Still, I suppose there might be some money to be made from selling really basic anti-malware programs which might do nothing - but because they're closed source it'd be illegal to find out ; )

        I think the probability that that will happen is astronomically high.

        I still think people will be worried and carefull. They might manage to remove the recycling bin from their desktop if they get some idea that its dirty and has viruses or worms growing on it.
        • by carpeweb (949895)
          I think the probability that that will happen is astronomically high.

          Really? I think it's less than (but not by much!) or equal to one.

          ---

          Tag this "too easy to ignore".
      • by kamil212 (1009281)
        So true about all the crap anti-malware/spyware software out there. I'm so tired of going to somebody's house and seeing 10 icons on the desktop for this anit-crap SW, then running my own little free tool and finding hundreds of threats. Just wondering, since I switched to Linux a couple of months ago (newest Ubuntu distro), what threats do I still have to watch out for? (all I use is firefox plus I have two ports forwarded from my router for DL purpuses). Thanks
        • by joe 155 (937621)
          hmmm, for advice on linux security I would say it is worth looking out for rootkits or attacks from outside trying to use open ports, especially for SSH which can sometimes as a default allow remote root login (it does on fedora) so unless you really need to run SSH I would close it/make sure it's closed. Secondly I would install rkhunter (it's free and open source) and chkrootkit (again free and open source, if you have something like yum on ubuntu it should be in their repos... I've never used it so don'
    • Re: (Score:3, Insightful)

      by Cap'nPedro (987782)
      Are you sure they'll even know where the malware came from/how they were infected?

      Even if they're told, will they believe it?
      • Come on, these are the same people who fell for "this email contains a virus" before there was Outlook.
        These are people who worried about a knock from the cops when their program performed an illegal access and had to be shut down.
    • Re: (Score:3, Insightful)

      by pembo13 (770295)
      The problem with what you saying is that people (as a whole) are quite comfortable with not knowing what nasties lay "out there". There have always been these things, in different forms. The will seemly cope by ignoring.
  • So... (Score:1, Flamebait)

    by creimer (824291)
    Who wants to pay $900+ million USD for this crime-infested website that probably have more cops pretending to be sexually active little girls than actual users?
    • Re: (Score:1, Funny)

      by Anonymous Coward
      Members of the US Congress?
      • by cashman73 (855518)
        No, you have it wrong! Congressman Foley was interested in little boys , not little girls,...
    • Rupert Murdoch, who also didn't have enough money to continue Firefly.
  • by zappepcs (820751) on Tuesday October 03, 2006 @04:14PM (#16296919) Journal
    Is it just me, or is everyone else having trouble understanding why this is news.

    Ants are invading picnics... news at 11.
  • by SwedishChef (69313) <craig@@@networkessentials...net> on Tuesday October 03, 2006 @04:15PM (#16296939) Homepage Journal
    I wonder how many Windows users know how to use Netstat -a -n. It's amazing how much BSD stuff Bill and his friends pulled into their OSes. That will give you a pretty good idea of where your computer is trying to go.
    • wonder how many Windows users know how to use Netstat -a -n

      Not many. They don't have to. Note this is posted from linux, which I use because I like doing all sorts of programming related things with my computer and don't mind editing /etc/X11/xorg.conf to go multihead etc. My users use Windows and are comfortable there because while it doesn't often do as much, it does it easier for the most part. Which is what they want.

      Linux is where the backend stuff is going. Windows is still what all the client e

      • by sowth (748135)

        MS Windows easier? Easier than Slackware or OpenBSD maybe. They are just used to Windows. Though I think most of them wouldn't notice if you changed their installs to Linux running KDE. Except they would think someone had changed their icons. The only real problem with Linux and other alternative OSes is the fact most software vendors only write programs for MS Windows, and that API is too contrived to easily clone.

        Look at Wine. From what I've seen, a lot of people have done quite a bit of work on wine, y

    • by 1000101 (584896)
      Why is netstat "yet another reason to use Linux" if it is already in Windows? If it's already there, no need to switch. Also, I would agree that very few Windows users know about or how to use netstat. And even if you were to tell a typical Windows user to go run netstat -a -n, do you think any of them would know what to do with it? I seriously doubt it, and I also don't really think they should. Not everyone has the time/desire to be a computer expert.
    • by Z34107 (925136)

      I used netstat to figure out why my IIS was unreachable from outside the computer it was on.

      Had nothing to do with port forwarding or NAT... a typo set my firewall to explicitly "block" the ports it used instead of "allow" them. Netstat didn't fix something like user error, but let me eliminate the other options.

      Oh well.

  • Boobies (Score:3, Funny)

    by truthsearch (249536) on Tuesday October 03, 2006 @04:19PM (#16296963) Homepage Journal
    bad guys are booby-trapping sites like My Space

    Lots of kids use MySpace, so please leave boobies out of this. Please think of the children. Thanks.
    • Apparently you haven't been on MySpace and seen either the boobies or the kids. ;-)
    • by mudshark (19714)
      No, boobies are *for* kids. Listen to La Leche League. _You_ are the one who needs to think of the children, pal.

      <sing>Mammaries...Like the corners of my mind</sing>

  • by Bob9113 (14996) on Tuesday October 03, 2006 @04:19PM (#16296975) Homepage
    Clearly what we need in response to this new threat is more laws. We must outlaw things so that our children can be protected from these online predators. And while we may not be sure exactly what to outlaw, surely we can start by outlawing things that are new or used by strange people. It may not solve the problem, but we can't know for sure until we start outlawing things. In this new world of threats that have never been seen before, we have to have the courage to pass laws before we know what is wrong. The only other option is to wait until after the ambiguous threat has caused the damage it may or may not intend to cause. We simply cannot stand idly by and let that maybe happen.
    • by Chemisor (97276) on Tuesday October 03, 2006 @05:04PM (#16297589)
      Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison. Considering that quite a few of them show advertisements (adware) or contact some global host owned by somebody (spyware) it ought not to be very hard to follow the money and find the culprit. Web sites have ownership, and so are trackable. Companies have ownership, and so can be found. Companies that sell stuff can definitely be found and very easily. Why isn't the police arresting them?
      • by sm62704 (957197)
        Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison.

        The prisons are too full of drug users.
      • by Squigley (213068)
        > Why isn't the police arresting them?

        Is our children learning? :-)

        Sorry, couldn't resist.

        -1, there mods, I did it for you :-)
    • by spx (855431)
      Pretty soon we will be having good old fashion witch hunts too.
  • Flies like shit.
    Fleas like dogs.
    Homer like beer.
  • "increasingly bad guys are booby-trapping sites like My Space and Webshots"
    So, the problem is not that there are more malware authors, but that they are getting worse. LOL.
  • Geeks taking over social spaces. Will wonders never cease?
  • As the saying goes "Shit attracts flies".
  • A few things here... (Score:3, Interesting)

    by dominion (3153) on Tuesday October 03, 2006 @04:34PM (#16297167) Homepage
    There's a few factors which have made myspace a cesspool spawning marketing and advertising demons left and right.

    The first is that the system is centralized. Therefore, any spammers, spimmers, or whatever they're called on social networking sites, who decide to set up shop have only to contend with a sign up process, and maybe a captcha. Other than that, the burden is put on myspace.com itself. The spammers get a free ride.

    The answer to this is to create a more decentralized social networking system. Like I've said before, I'm working on an open source project like that called Appleseed [sourceforge.net], but some of the ways I can foresee stopping spammers from setting up fake profiles and all that is to a) use a sender-stores system for messaging, so that the burden of storing and maintaining messages is put on the spammer. Want to send out a million messages? Sure. But be sure to be willing to host those messages indefinitely until their recipients decide to pick them up. Oh, and as far as accountability goes, it'll be a lot easier to find you. Also, b) By distributing social networking into specialized nodes, you now have a lot large pool of people willing to get rid of spammers. Each node will have a dedicated admin, so knocking off one or two fake profiles every so often isn't so hard. But MySpace has 50,000,000 people on one site. Sometimes it seems like they don't care about spammers, but honestly, it's probably just that they're incapable of removing all of them as fast as they're created. "Never attribute to malice" and all that...

    The other important factor? Men are idiots. I see these fake profiles that scream "no fucking way I'm real", and it'll have hundreds of knucklehead friends. It seems creating a profile that says,

    "Hi, I'm Emily! I'm 19 years old, bisexual, and I just moved to Detroit from Cali! I like to party, have fun, dance, and have naughty sex! Come over and see me on my webcam over here..."

    is all you need to do to create the requisite blood flow displacement which makes most dudes take a few steps back on the evolutionary ladder. Just like spam, you can take a technical approach, and that can go a far way to defeating it, but as long as there are dudes out there with barbed wire bicep tattoos, backwards hats, throwing up fake gang signs in their bedroom in front of a Sublime poster willing to be duped by the simplest of scams, there's not much we can do. Possibly a well educated, self-confident, and sexually liberation female population who absolutely refused to have sex with these cro-magnons until they opened a book might help. But like a sender-stores system, some of them might get through anyways.
    • by dim5 (844238)
      Hi Emily!

      URL plz! Do you take PayPal?
    • I'm replying to this, not because I have anything useful to say here, but because I just mistakenly up modded a troll (http://it.slashdot.org/comments.pl?sid=198901&cid =16298289 [slashdot.org]) for cutting and pasting your exact same comment above.

    • Just like spam, you can take a technical approach, and that can go a far way to defeating it, but as long as there are dudes out there with barbed wire bicep tattoos, backwards hats, throwing up fake gang signs in their bedroom in front of a Sublime poster willing to be duped by the simplest of scams, there's not much we can do.

      Dude, no way i can be duped!!!
    • Re: (Score:3, Interesting)

      by Lord_Dweomer (648696)

      There's a few factors which have made myspace a cesspool spawning marketing and advertising demons left and right.

      Might also have something to do with the fact that the founders don't exactly have a problem with it seeing as how MySpace was founded by spammers [valleywag.com], not Tom. Tom is just the pretty wholesome face they put on there to get peopel to join.

  • With this adware, users will be able to enjoy ad infestations both while on and off MySpace.
  • In addition, Dan Moniz, a security consultant in San Francisco, recommends using a browser other than Internet Explorer.

    Isn't that preaching to the choir around here? The only thing I could making it worse is to be using AOL to fire up IE, then hit myspace.

  • 127.0.0.1 localhost
    127.0.0.1 myspace.com
    127.0.0.1 webshots.com
    127.0.0.1 aol.com
    ...
    ...
    ...

    The kids will hate it, but they're not the ones who pay me.
  • zanga or zango. The blurb above says zanga ( xanga is a blog site) and the linked article says zango. Is the author and the editor accusing xanga of attacking myspace?
  • 9 out of 10 pedophile predators prefer hanging out where there tens of thousands of underaged kids instead of a church ... film at 11.

    9 out of 10 spammers prefer large bodies of largely ignorant masses that will do exactly what they are told to do; that don't have a clue and don't want one ... film at 11.

    Say ... does anyone remember like .. 5 years ago ... if you met someone online and established any sort of a relationship with them, you were considered a freak?

    This just in ... people are fickle, bandwagon
    • by sm62704 (957197)
      9 out of 10 pedophile predators prefer hanging out where there tens of thousands of underaged kids instead of a church

      I'm confused; I thought 9 out of 10 pedophile predators were Catholic Priests?
  • I agree with a lot of other people here: this isn't that surprising. However, social networking is a fairly powerful medium in that you can give masses of people incentives to sign up and hop on the same bandwagon simply by having other people around, which is effectively costless. Knowing this, the idea behind CommonRoom ( http://www.commonroom.com [commonroom.com]) is to use that kind of momentum, however frivilous its basis is in reality, to specifically *prevent* these kinds of attacks from taking place by validating eve
  • Anywhere people might congregate attracks liars, thieves and cheats...

    The online world is no different than the real world. Look at security for huge sporting or other public events. Look at the joke our airports are.

    If a lot of people are going to be spending time somewhere, online or real world, shader fucks will show up and try to screw shit up at some point.
  • Browse safely with a Mac or from Linux instead.

"I'm not afraid of dying, I just don't want to be there when it happens." -- Woody Allen

Working...