Exploits Propagated Via Social Media Increase

Orome1 writes "Infection via email, traditionally the most popular vector for spreading malware, has declined in favor of greater use of social media. These include clickjacking attacks using the Facebook 'Like' button, fake Web pages positioned on search engines (BlackHat SEO), and zero-day vulnerability exploits. The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices. A number of different threats have appeared, primarily aimed at racking up phone bills or using the geolocalization function to transmit a user's position to a third party."

Google Android Exploits

[savanik]

And here I am with an android phone that's running 1.5 because the vendor refuses to release any more updates for this 1-year old model of phone.

Oh, wait, that's right, I already rooted and upgraded to 2.2. Nevermind.

Re:

[dieth]

Gogo Telus HERO... Fucking Telus, even MEXICO has Android 2.1 on there Hero

Re:

[morgan_greywolf]

As I said in the last Android article, all apps have access to your sdcard, and to your identity (esn/imei/meid/phone number)

The Android Developer reference says otherwise [android.com]:

A basic Android application has no permissions associated with it, meaning it can not do anything that would adversely impact the user experience or any data on the device. To make use of protected features of the device, you must include in your AndroidManifest.xml one or more tags declaring the permissions that your application needs.

Re:

[AnonymousClown]

The reference may say otherwise, but what about in practice? Meaning, maybe there's a bug that allows the access.

Re:

[Anonymous Coward]

And actually using an Android phone says otherwise. Just install a simple app like "Text Edit" by Paul Mach - easy to find on the market. Before installing, hit the menu softkey, then the security icon that pops up. It will say "No permissions required."

Use it, save a file. Where does the file end up? On your SD card. How did it do that?

Now go to the homescreen, hit menu, applications, manage applications, text edit. Scroll down and what do we see under permissions? "modify/delete SD card contents" and "rea

Re:

[_Sprocket_]

Now go to the homescreen, hit menu, applications, manage applications, text edit. Scroll down and what do we see under permissions? "modify/delete SD card contents" and "read phone state and identity". Permissions you were NOT warned about during the install.

Is this more of an issue with the Market (which is, of course, Google's to fix)?

Re:

[morgan_greywolf]

Yet, the application must have requested WRITE_EXTERNAL_STORAGE [android.com] in its Manifest.xml. If Market didn't tell you about it, that's a Market issue.

All applications can READ from the external storage, which is considered public. Private data, OTOH, is required to be stored on the internal storage. This is secifically mentioned in the Developer Guide. If an app is storing private data on the external storage, then you need to tell the author that he or she is stupid. You can, of course, always remove files fro

Re:

[Anonymous Coward]

Market and Android are one and the same. You can argue all day about how the documentation says this, and the AOSP code doesn't contain that, but at the end of the day, any Android device worth using has the Market app on it. People install apps through the market and have no idea that (#1) apps like "Text Edit" that didn't even ask for SD card permissions might save their documents on the SD card, and (#2) that any app that requests internet access will be able to upload those documents along with your pho

Kind of humorous, actually

[WillAffleckUW]

Today the guys trying to force Seattle to give away public park land to a Chihulhy museum hacked the social media SLOG site poll to "fix" a poll that was going heavily against them.

Link as follows: Chihulhy.com hacks SLOG poll as they lose to Tiger Breeding option [strn.gr]

Very sad.

But the Android OS holes and exploits are more likely due to it's popularity amongst tech geeks.

In my personal experience, most people prefer the iPhone, but I always say if you're a tech geek, you should opt for the Android instead, cause

Why does Facebook allow the fake "Like" apps?

[swb]

They're really deceiving.

Re:

[account_deleted]

Comment removed based on user account deletion

Bounce around much?

[Galestar]

The title of TFA is "E-mail infections decline as exploits propagated via social media increase"

yet it likes to bounce around to

"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."

Then to

There has also been a great deal of commotion around two serious zero-day flaws in Microsoft OS code, one of which was exploited to attack SCADA systems (specifically in, nuclear power stations).

This article really has nothing to say about the rise of use of social media as a vector, other than mentioning the recent twitter exploits--in the last paragraph. Why did this article make it to the front page again?

Re:

[BJ_Covert_Action]

Why did this article make it to the front page again?

Because it falls right in line with the, "We're all screwed. The world is going to end. Tomorrow is worse than yesterday. The fall of civilization is on the horizon. DOD has adopted perl as its primary nuclear arsenal launch control language..." theme that is so prevalent in news these days.

Re:

[apoc.famine]

Yet another example of how the editing of this website is solely focused on adviews, and nothing else. I'm looking for a new website, as are quite a few others. Any ideas?

Zero Day Exploits

[Swanktastic]

Zero Day Exploits don't seem to have anything to do with Social Media, even though thrown thrown in as a subcategory.

Duh

[Spad]

People with nefarious goals target massively popular services with shitty security and largely uninformed users. Film at 11.

Statestheobviousman

[Idiomatick]

"The rise in popularity of smart phones powered by Google's Android operating system for smart phones has been accompanied by an increase in attacks targeting these devices."

In other news, the rise in people having unprotected sex resulted in a rise in pregnancies.

And a rise in the number of boaters has increased the number of boating accidents.

Social Media? Gr8

[ls -la]

In true slashdot fashion, I haven't RTFA. However, I see a number of people saying the article mentions attacks targeted at social media, android phones, and microsoft. As I don't use any of these, I would like to tell the hackers: Great! Keep up the good work.

No way!

[RocketRabbit]

I say no way! Nobody could be pirating my clicks. /drools and goes back to raising virtual pigs and sending virtual gifts to virtually unknown "friends."

Comment Count

[cosm]

As of posting I see 21 comments for this story, ~5 hours after its initial posting. Conclusion: Nobody cares and/or nobody empathizes with those affected by said malicious exploits propagated via social media.

Hell, if anything, I call it digital natural selection. Taking out the weak and ignorant one Like at a time.

Re:

[thijsh]

Hell, if anything, I call it diggital natural selection. Taking out the weak and ignorant one Like at a time.

FTFY