Social Networking Malware as Affinity Fraud

Panda Security released its first annual Social Media Risk Index for small- and medium-sized businesses. They surveyed 315 US SMBs with up to 1,000 employees during the month of July.

33 percent of these companies had experienced a malware or virus infection from social networks

23 percent cited employee privacy violations resulting in the loss of sensitive data from social networks

Panda concluded that Facebook provided the majority of the reported malware and privacy violations. That should not be a surprise since Facebook is the most widely used social media site.

I was surprised to see how high Twitter was in the list of sources causing problems. Yes, Twitter was half of Facebook. But Twitter’s popularity is much less than half of Facebook. I would pin the responsibility on the widespread use of URL shorteners in Twitter. If a friend sent a link from nytimes.com, I would be much more likely to click on that link than one from nigerianmoneymakingtips.com. When the link is hidden behind the URL shortener (http://bit.ly/aBzaiB), you do not know the destination. (Tell me you didn’t click on that link?) Yes, there are many tools that will expose the URL, but that is not the default for the services.

I think the vast majority of people realize that the Nigerian banker does not really have the millions of dollars promised to you. We are more likely to click on a link sent from a friend or a stranger saying they have money for us.

That is the increased danger from social network sites. They are a type of affinity fraud, preying on those in a similar social circle. Instead of looking directly for money, they are looking indirectly for passwords and account information.

Affinity frauds exploit the trust and friendship that exist in groups of people who have something in common. They usually enlist respected community leaders from within a group to spread the word about the scheme.

Taking this to social networking sites, the relationships are exposed through the connections memorialized in the site. The leaders are those with the most connections.

By spreading the message from compromised account to compromised account, the malware is piggy-backing on the social connections. The better infections make it look like the message is from the person and the link is tied to something of interest, like the Most Hilarious Video.

The leaders for a social networking site end up being the leaders because the message gets sent to the most people. If I mistakenly send a malware URL on Twitter, only a few thousand people will be potential targets. If Chris Brogan sent the message, it would be seen by over 150,000 people. If Kim Kardashian was the sender, then over 4 million people would be on the receiving end.

I don’t think that the malware and privacy concerns should deter businesses from using these tools. You just need to recognize the additional threats. We have become better at spotting the email scams and blocking malicious emails. We just need to improve the technology and increase employee knowledge to reduce the likelihood of social network malware infections.

If You Want to Defend Your Privacy from Geek and Poke

Sources:

Active Privacy Defense by Geek and Poke