Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Social Networks Attract Malware Authors

Posted by kdawson on Tue Oct 03, 2006 02:59 PM
from the where-the-eyeballs-are dept.
Security Spam The Internet
Looks like the Zanga attack on MySpace last summer was a bellwether. Tiny Tuba writes, "Parents and social network users have one more thing to worry about. According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more." From the article: "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."
+ -
story

Related Stories

[+] Adware Spreads Through Myspace 209 comments
Sandbagger writes "Here's an interesting problem for MySpace — groups of websites that entice MySpace users into placing videos onto their profile pages (under the guise of 'free content'), without disclosing a key piece of information that might make them think twice. When someone visits one of these profiles carrying the video, a DRM acquisition box pops up and attempts to install Zango adware. In all likelihood, the profile owners don't even know these videos are doing this to their visitors. The end result is an Adware affiliate effectively removing himself from the distribution chain and letting kids promote these videos instead, in a strange example of viral marketing gone wrong."
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Social Networks Attract Malware Authors 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Oh no! My lacy bra just fell off of my first post! (Score:4, Funny)

    by BeeBeard (999187) on Tuesday October 03 2006, @03:03PM (#16296731)
    *downloads your bank account information*

  • Zanga? (Score:3, Informative)

    by Hangin10 (704729) on Tuesday October 03 2006, @03:03PM (#16296739) Homepage
    That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.
    • That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.

      The word you're looking for is malwareorist.
    • It's a good place for them too, they get their fill of stupid people without worrying about wasting time with those of us who know better, and those of us who know better don't have to waste time dealing with malwareorists... it's a win-win-win (stupid people ALWAYS win, what with their blissful ignorance and all)
  • You're joking right? I can hardly believe...

  • in other news (Score:3, Funny)

    by Bloke down the pub (861787) on Tuesday October 03 2006, @03:05PM (#16296771)
    "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."

    Huge clueless crowds gawping at $deity-knows-what and not paying attention.

    Film at 11.
  • How suprising

    ...bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

    Come on, we all knew it was a matter of time.

  • normal? (Score:5, Funny)

    by User 956 (568564) on Tuesday October 03 2006, @03:06PM (#16296793) Homepage
    According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

    What, you mean that's not what normally passes for content on MySpace?
  • This is going to make the general population more aware of 'internet sanitation'. Its going to enter the public consciousness that there are some nasty things out there. People probably won't learn that using IE is like picking up a dirty syringe that washed up on the beach, but they may be a little more careful about what they click.

    Expect snakeoil anti-malware companies to flourish as well.

    • Re: (Score:3, Funny)

      by grub (11606)

      This will open up the way for Norton MySpace Security Only $29.95 a year!
      • If it will remove every myspace reference on Slashdot and everywhere else, I'm buying 8. At last I am becoming a crafty consumer...

    • Re: (Score:3, Insightful)

      by joe 155 (937621)
      I disagree with your first point, but agree fully about people selling crap anti-malware (why buy it? linux is free).

      If all the other 0day attacks that have existed and the old classics which still rumble on aren't enought to make people care nothing will, not even myspace. Someone who lives in my building has a worm which could easily be stopped if they updated XP (It keeps trying to probe my linux box and registers as "microsoft-ds" on port 445, if you're wondering), but some people will just never ca

      • Still, I suppose there might be some money to be made from selling really basic anti-malware programs which might do nothing - but because they're closed source it'd be illegal to find out ; )

        I think the probability that that will happen is astronomically high.

        I still think people will be worried and carefull. They might manage to remove the recycling bin from their desktop if they get some idea that its dirty and has viruses or worms growing on it.
        • I think the probability that that will happen is astronomically high.

          Really? I think it's less than (but not by much!) or equal to one.

          ---

          Tag this "too easy to ignore".
        • hmmm, for advice on linux security I would say it is worth looking out for rootkits or attacks from outside trying to use open ports, especially for SSH which can sometimes as a default allow remote root login (it does on fedora) so unless you really need to run SSH I would close it/make sure it's closed. Secondly I would install rkhunter (it's free and open source) and chkrootkit (again free and open source, if you have something like yum on ubuntu it should be in their repos... I've never used it so don'

    • Re: (Score:3, Insightful)

      by Cap'nPedro (987782)
      Are you sure they'll even know where the malware came from/how they were infected?

      Even if they're told, will they believe it?
      • Come on, these are the same people who fell for "this email contains a virus" before there was Outlook.
        These are people who worried about a knock from the cops when their program performed an illegal access and had to be shut down.

    • Re: (Score:3, Insightful)

      by pembo13 (770295)
      The problem with what you saying is that people (as a whole) are quite comfortable with not knowing what nasties lay "out there". There have always been these things, in different forms. The will seemly cope by ignoring.

  • So... (Score:1, Flamebait)

    by creimer (824291)
    Who wants to pay $900+ million USD for this crime-infested website that probably have more cops pretending to be sexually active little girls than actual users?

  • Add the Duh! tag now (Score:4, Insightful)

    by zappepcs (820751) on Tuesday October 03 2006, @03:14PM (#16296919) Journal
    Is it just me, or is everyone else having trouble understanding why this is news.

    Ants are invading picnics... news at 11.
  • I wonder how many Windows users know how to use Netstat -a -n. It's amazing how much BSD stuff Bill and his friends pulled into their OSes. That will give you a pretty good idea of where your computer is trying to go.
    • Why is netstat "yet another reason to use Linux" if it is already in Windows? If it's already there, no need to switch. Also, I would agree that very few Windows users know about or how to use netstat. And even if you were to tell a typical Windows user to go run netstat -a -n, do you think any of them would know what to do with it? I seriously doubt it, and I also don't really think they should. Not everyone has the time/desire to be a computer expert.

    • I used netstat to figure out why my IIS was unreachable from outside the computer it was on.

      Had nothing to do with port forwarding or NAT... a typo set my firewall to explicitly "block" the ports it used instead of "allow" them. Netstat didn't fix something like user error, but let me eliminate the other options.

      Oh well.

  • Boobies (Score:3, Funny)

    by truthsearch (249536) on Tuesday October 03 2006, @03:19PM (#16296963) Homepage Journal
    bad guys are booby-trapping sites like My Space

    Lots of kids use MySpace, so please leave boobies out of this. Please think of the children. Thanks.
    • No, boobies are *for* kids. Listen to La Leche League. _You_ are the one who needs to think of the children, pal.

      <sing>Mammaries...Like the corners of my mind</sing>

  • Quick! Outlaw Something! (Score:5, Insightful)

    by Bob9113 (14996) on Tuesday October 03 2006, @03:19PM (#16296975) Homepage
    Clearly what we need in response to this new threat is more laws. We must outlaw things so that our children can be protected from these online predators. And while we may not be sure exactly what to outlaw, surely we can start by outlawing things that are new or used by strange people. It may not solve the problem, but we can't know for sure until we start outlawing things. In this new world of threats that have never been seen before, we have to have the courage to pass laws before we know what is wrong. The only other option is to wait until after the ambiguous threat has caused the damage it may or may not intend to cause. We simply cannot stand idly by and let that maybe happen.

    • It's already outlawed (Score:5, Interesting)

      by Chemisor (97276) on Tuesday October 03 2006, @04:04PM (#16297589) Journal
      Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison. Considering that quite a few of them show advertisements (adware) or contact some global host owned by somebody (spyware) it ought not to be very hard to follow the money and find the culprit. Web sites have ownership, and so are trackable. Companies have ownership, and so can be found. Companies that sell stuff can definitely be found and very easily. Why isn't the police arresting them?
      • Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison.

        The prisons are too full of drug users.
  • Flies like shit.
    Fleas like dogs.
    Homer like beer.
  • "increasingly bad guys are booby-trapping sites like My Space and Webshots"
    So, the problem is not that there are more malware authors, but that they are getting worse. LOL.
  • Geeks taking over social spaces. Will wonders never cease?
  • As the saying goes "Shit attracts flies".

  • A few things here... (Score:3, Interesting)

    by dominion (3153) on Tuesday October 03 2006, @03:34PM (#16297167) Homepage
    There's a few factors which have made myspace a cesspool spawning marketing and advertising demons left and right.

    The first is that the system is centralized. Therefore, any spammers, spimmers, or whatever they're called on social networking sites, who decide to set up shop have only to contend with a sign up process, and maybe a captcha. Other than that, the burden is put on myspace.com itself. The spammers get a free ride.

    The answer to this is to create a more decentralized social networking system. Like I've said before, I'm working on an open source project like that called Appleseed [sourceforge.net], but some of the ways I can foresee stopping spammers from setting up fake profiles and all that is to a) use a sender-stores system for messaging, so that the burden of storing and maintaining messages is put on the spammer. Want to send out a million messages? Sure. But be sure to be willing to host those messages indefinitely until their recipients decide to pick them up. Oh, and as far as accountability goes, it'll be a lot easier to find you. Also, b) By distributing social networking into specialized nodes, you now have a lot large pool of people willing to get rid of spammers. Each node will have a dedicated admin, so knocking off one or two fake profiles every so often isn't so hard. But MySpace has 50,000,000 people on one site. Sometimes it seems like they don't care about spammers, but honestly, it's probably just that they're incapable of removing all of them as fast as they're created. "Never attribute to malice" and all that...

    The other important factor? Men are idiots. I see these fake profiles that scream "no fucking way I'm real", and it'll have hundreds of knucklehead friends. It seems creating a profile that says,

    "Hi, I'm Emily! I'm 19 years old, bisexual, and I just moved to Detroit from Cali! I like to party, have fun, dance, and have naughty sex! Come over and see me on my webcam over here..."

    is all you need to do to create the requisite blood flow displacement which makes most dudes take a few steps back on the evolutionary ladder. Just like spam, you can take a technical approach, and that can go a far way to defeating it, but as long as there are dudes out there with barbed wire bicep tattoos, backwards hats, throwing up fake gang signs in their bedroom in front of a Sublime poster willing to be duped by the simplest of scams, there's not much we can do. Possibly a well educated, self-confident, and sexually liberation female population who absolutely refused to have sex with these cro-magnons until they opened a book might help. But like a sender-stores system, some of them might get through anyways.
  • With this adware, users will be able to enjoy ad infestations both while on and off MySpace.
  • 127.0.0.1 localhost
    127.0.0.1 myspace.com
    127.0.0.1 webshots.com
    127.0.0.1 aol.com
    ...
    ...
    ...

    The kids will hate it, but they're not the ones who pay me.
  • zanga or zango. The blurb above says zanga ( xanga is a blog site) and the linked article says zango. Is the author and the editor accusing xanga of attacking myspace?
  • Anywhere people might congregate attracks liars, thieves and cheats...

    The online world is no different than the real world. Look at security for huge sporting or other public events. Look at the joke our airports are.

    If a lot of people are going to be spending time somewhere, online or real world, shader fucks will show up and try to screw shit up at some point.
  • Browse safely with a Mac or from Linux instead.
    • There are over three billion women in the world and none of them want to have sex with me. That, my friends (*), is rejection.

      You can always try men... or animals.
    • There are over three billion women in the world and none of them want to have sex with me.

      You haven't met all three billion women. Why do you think God created crack cocaine? Scrape the cobwebs off your wallet and buy a whore!
    • 9 out of 10 pedophile predators prefer hanging out where there tens of thousands of underaged kids instead of a church

      I'm confused; I thought 9 out of 10 pedophile predators were Catholic Priests?

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.