Social Networks Attract Malware Authors

Looks like the Zanga attack on MySpace last summer was a bellwether. Tiny Tuba writes, "Parents and social network users have one more thing to worry about. According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more." From the article: "Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."

Oh no! My lacy bra just fell off of my first post!

[BeeBeard]

*downloads your bank account information*

Zanga?

[Hangin10]

That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.

Re:Zanga?

[PsychoSlashDot]

That'd be Zango. Anyway, why wouldn't they release malware through myspace? It's userbase is huge. From the point of view of the mal..ware..ist(?), it's the ultimate distribution medium.

The word you're looking for is malwareorist.

Re:Zanga?

[twistedsymphony]

It's a good place for them too, they get their fill of stupid people without worrying about wasting time with those of us who know better, and those of us who know better don't have to waste time dealing with malwareorists... it's a win-win-win (stupid people ALWAYS win, what with their blissful ignorance and all)

Wait..

[mr_stinky_britches]

You're joking right? I can hardly believe...

in other news

[Bloke+down+the+pub]

"Like pickpockets at a festival, money-minded malware authors are drawn by the huge crowds visiting social networking sites."

Huge clueless crowds gawping at $deity-knows-what and not paying attention.

Film at 11.

Well gosh.

[AltGrendel]

How suprising

...bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

Come on, we all knew it was a matter of time.

Re:Well gosh.

[Korin43]

As if it's even necessary.. MySpace crashes my computer without help..

Re:Well gosh.

[darthmiho]

Really, if we all thought about it, my only thought was, "they weren't already?". What with all the browser-crashing abilities that site has.

normal?

[User+956]

According to a PC World article, increasingly bad guys are booby-trapping sites like My Space and Webshots with malware in the form of links, ads, bogus invitations to view pictures, and more.

What, you mean that's not what normally passes for content on MySpace?

a learning experience

[Phantom+of+the+Opera]

This is going to make the general population more aware of 'internet sanitation'. Its going to enter the public consciousness that there are some nasty things out there. People probably won't learn that using IE is like picking up a dirty syringe that washed up on the beach, but they may be a little more careful about what they click.

Expect snakeoil anti-malware companies to flourish as well.

Re:a learning experience

[grub]

This will open up the way for Norton MySpace Security Only $29.95 a year!

Re:a learning experience

[joe+155]

I disagree with your first point, but agree fully about people selling crap anti-malware (why buy it? linux is free).

If all the other 0day attacks that have existed and the old classics which still rumble on aren't enought to make people care nothing will, not even myspace. Someone who lives in my building has a worm which could easily be stopped if they updated XP (It keeps trying to probe my linux box and registers as "microsoft-ds" on port 445, if you're wondering), but some people will just never care.

Still, I suppose there might be some money to be made from selling really basic anti-malware programs which might do nothing - but because they're closed source it'd be illegal to find out ; )

Re:a learning experience

[Cap'nPedro]

Are you sure they'll even know where the malware came from/how they were infected?

Even if they're told, will they believe it?

Re:a learning experience

[alx5000]

If it will remove every myspace reference on Slashdot and everywhere else, I'm buying 8. At last I am becoming a crafty consumer...

Re:a learning experience

[Phantom+of+the+Opera]

Still, I suppose there might be some money to be made from selling really basic anti-malware programs which might do nothing - but because they're closed source it'd be illegal to find out ; )

I think the probability that that will happen is astronomically high.

I still think people will be worried and carefull. They might manage to remove the recycling bin from their desktop if they get some idea that its dirty and has viruses or worms growing on it.

Re:a learning experience

[pembo13]

The problem with what you saying is that people (as a whole) are quite comfortable with not knowing what nasties lay "out there". There have always been these things, in different forms. The will seemly cope by ignoring.

Re:a learning experience

[carpeweb]

I think the probability that that will happen is astronomically high.

Really? I think it's less than (but not by much!) or equal to one.

---

Tag this "too easy to ignore".

Re:a learning experience

[kamil212]

So true about all the crap anti-malware/spyware software out there. I'm so tired of going to somebody's house and seeing 10 icons on the desktop for this anit-crap SW, then running my own little free tool and finding hundreds of threats. Just wondering, since I switched to Linux a couple of months ago (newest Ubuntu distro), what threats do I still have to watch out for? (all I use is firefox plus I have two ports forwarded from my router for DL purpuses). Thanks

Re:a learning experience

[joe+155]

hmmm, for advice on linux security I would say it is worth looking out for rootkits or attacks from outside trying to use open ports, especially for SSH which can sometimes as a default allow remote root login (it does on fedora) so unless you really need to run SSH I would close it/make sure it's closed. Secondly I would install rkhunter (it's free and open source) and chkrootkit (again free and open source, if you have something like yum on ubuntu it should be in their repos... I've never used it so don't know how it works).

A good virus scanner is clamav and a good firewall is firestarter.

That might sound like a lot, but when they are set up its just a case of looking every now and again, and the rootkit searchers take only about 1 min to run both...

As for spyware there is very little if any for Linux. Basically you could pretty much not install anything other than a firewall and just not run as root and it should be ok (in fedora the SSH causes real problems if left open, but I've heard Ubuntu doesn't have a root account as such, so maybe it's not so much of a problem). Linux is very safe though, so it should provide you with years of stress free computing.

So...

[__aaclcg7560]

Who wants to pay $900+ million USD for this crime-infested website that probably have more cops pretending to be sexually active little girls than actual users?

Re:So...

Members of the US Congress?

Re:So...

Ummm, he said "girls"

Re:So...

[cashman73]

No, you have it wrong! Congressman Foley was interested in little boys , not little girls,...

Re:So...

[WilliamSChips]

Rupert Murdoch, who also didn't have enough money to continue Firefly.

Add the Duh! tag now

[zappepcs]

Is it just me, or is everyone else having trouble understanding why this is news.

Ants are invading picnics... news at 11.

Re:Add the Duh! tag now

[pembo13]

Not just you. This seems so logical and expected.

Re:Add the Duh! tag now

Ants are invading picnics... news at 11.

There is a free lunch - if you're an ant.

Yet another reason to use Linux

[SwedishChef]

I wonder how many Windows users know how to use Netstat -a -n. It's amazing how much BSD stuff Bill and his friends pulled into their OSes. That will give you a pretty good idea of where your computer is trying to go.

Re:Yet another reason to use Linux

[LordOfTheNoobs]

wonder how many Windows users know how to use Netstat -a -n

Not many. They don't have to. Note this is posted from linux, which I use because I like doing all sorts of programming related things with my computer and don't mind editing /etc/X11/xorg.conf to go multihead etc. My users use Windows and are comfortable there because while it doesn't often do as much, it does it easier for the most part. Which is what they want.

Linux is where the backend stuff is going. Windows is still what all the client ends are chasing.

Re:Yet another reason to use Linux

[1000101]

Why is netstat "yet another reason to use Linux" if it is already in Windows? If it's already there, no need to switch. Also, I would agree that very few Windows users know about or how to use netstat. And even if you were to tell a typical Windows user to go run netstat -a -n, do you think any of them would know what to do with it? I seriously doubt it, and I also don't really think they should. Not everyone has the time/desire to be a computer expert.

Re:Yet another reason to use Linux

[sowth]

MS Windows easier? Easier than Slackware or OpenBSD maybe. They are just used to Windows. Though I think most of them wouldn't notice if you changed their installs to Linux running KDE. Except they would think someone had changed their icons. The only real problem with Linux and other alternative OSes is the fact most software vendors only write programs for MS Windows, and that API is too contrived to easily clone.

Look at Wine. From what I've seen, a lot of people have done quite a bit of work on wine, yet it is still incomplete. In fact, it will probably always be incomplete because MS is constantly adding to their API. Whatever flavor of the month they decided. They most likely do it to make sure they keep their monopoly. (If people clone their API, then their monopoly will die.)

Windows and the win98 clones on linux (KDE, Gnome) are not really that easy to use, just many people have learned to use Windows, so anything like it is called "easy to use" by these people.

Of course most people haven't seen many other OSes lately because MS destroyed the market. So there are no significant examples of anything that is easier to use. How many for-profit OSes have you seen lately? And Linux and the BSDs don't count because they are created by nonprofit groups.

Boobies

[truthsearch]

bad guys are booby-trapping sites like My Space

Lots of kids use MySpace, so please leave boobies out of this. Please think of the children. Thanks.

Re:Boobies

[themushroom]

Apparently you haven't been on MySpace and seen either the boobies or the kids. ;-)

Re:Boobies

[mudshark]

No, boobies are *for* kids. Listen to La Leche League. _You_ are the one who needs to think of the children, pal.

<sing>Mammaries...Like the corners of my mind</sing>

Quick! Outlaw Something!

[Bob9113]

Clearly what we need in response to this new threat is more laws. We must outlaw things so that our children can be protected from these online predators. And while we may not be sure exactly what to outlaw, surely we can start by outlawing things that are new or used by strange people. It may not solve the problem, but we can't know for sure until we start outlawing things. In this new world of threats that have never been seen before, we have to have the courage to pass laws before we know what is wrong. The only other option is to wait until after the ambiguous threat has caused the damage it may or may not intend to cause. We simply cannot stand idly by and let that maybe happen.

Re:Quick! Outlaw Something!

[spx]

Pretty soon we will be having good old fashion witch hunts too.

believe it?

[Phantom+of+the+Opera]

Come on, these are the same people who fell for "this email contains a virus" before there was Outlook.
These are people who worried about a knock from the cops when their program performed an illegal access and had to be shut down.

Re:believe it?

[Plutonite]

Please stop saying mean things about my mom.

speaking of social networks

There are over three billion women in the world and none of them want to have sex with me. That, my friends (*), is rejection.

(*) I also anticipate your rejecting my friendship.

Re:speaking of social networks

[secolactico]

There are over three billion women in the world and none of them want to have sex with me. That, my friends (*), is rejection.

You can always try men... or animals.

Re:speaking of social networks

[sm62704]

There are over three billion women in the world and none of them want to have sex with me.

You haven't met all three billion women. Why do you think God created crack cocaine? Scrape the cobwebs off your wallet and buy a whore!

In other news...

[PHAEDRU5]

Flies like shit.
Fleas like dogs.
Homer like beer.

My, oh my!

[DJ+Marvin]

"increasingly bad guys are booby-trapping sites like My Space and Webshots"

So, the problem is not that there are more malware authors, but that they are getting worse. LOL.

Geeks in MySpace

[jazman_777]

Geeks taking over social spaces. Will wonders never cease?

The design is malware

[Cartack]

Browse random myspace pages with care. I have had many full system lockups navigating through the different sites. I don't know how these people get so many friends when thier sites are causing peoples computers to crash.

This should be no surprise...

[XxtraLarGe]

As the saying goes "Shit attracts flies".

A few things here...

[dominion]

There's a few factors which have made myspace a cesspool spawning marketing and advertising demons left and right.

The first is that the system is centralized. Therefore, any spammers, spimmers, or whatever they're called on social networking sites, who decide to set up shop have only to contend with a sign up process, and maybe a captcha. Other than that, the burden is put on myspace.com itself. The spammers get a free ride.

The answer to this is to create a more decentralized social networking system. Like I've said before, I'm working on an open source project like that called Appleseed, but some of the ways I can foresee stopping spammers from setting up fake profiles and all that is to a) use a sender-stores system for messaging, so that the burden of storing and maintaining messages is put on the spammer. Want to send out a million messages? Sure. But be sure to be willing to host those messages indefinitely until their recipients decide to pick them up. Oh, and as far as accountability goes, it'll be a lot easier to find you. Also, b) By distributing social networking into specialized nodes, you now have a lot large pool of people willing to get rid of spammers. Each node will have a dedicated admin, so knocking off one or two fake profiles every so often isn't so hard. But MySpace has 50,000,000 people on one site. Sometimes it seems like they don't care about spammers, but honestly, it's probably just that they're incapable of removing all of them as fast as they're created. "Never attribute to malice" and all that...

The other important factor? Men are idiots. I see these fake profiles that scream "no fucking way I'm real", and it'll have hundreds of knucklehead friends. It seems creating a profile that says,

"Hi, I'm Emily! I'm 19 years old, bisexual, and I just moved to Detroit from Cali! I like to party, have fun, dance, and have naughty sex! Come over and see me on my webcam over here..."

is all you need to do to create the requisite blood flow displacement which makes most dudes take a few steps back on the evolutionary ladder. Just like spam, you can take a technical approach, and that can go a far way to defeating it, but as long as there are dudes out there with barbed wire bicep tattoos, backwards hats, throwing up fake gang signs in their bedroom in front of a Sublime poster willing to be duped by the simplest of scams, there's not much we can do. Possibly a well educated, self-confident, and sexually liberation female population who absolutely refused to have sex with these cro-magnons until they opened a book might help. But like a sender-stores system, some of them might get through anyways.

Re:A few things here...

[dim5]

Hi Emily!

URL plz! Do you take PayPal?

Re:A few things here...

[GrumpySimon]

I'm replying to this, not because I have anything useful to say here, but because I just mistakenly up modded a troll (http://it.slashdot.org/comments.pl?sid=198901&cid =16298289) for cutting and pasting your exact same comment above.

Re:A few things here...

[P3NIS_CLEAVER]

Just like spam, you can take a technical approach, and that can go a far way to defeating it, but as long as there are dudes out there with barbed wire bicep tattoos, backwards hats, throwing up fake gang signs in their bedroom in front of a Sublime poster willing to be duped by the simplest of scams, there's not much we can do.

Dude, no way i can be duped!!!

Re:A few things here...

[Lord_Dweomer]

There's a few factors which have made myspace a cesspool spawning marketing and advertising demons left and right.

Might also have something to do with the fact that the founders don't exactly have a problem with it seeing as how MySpace was founded by spammers, not Tom. Tom is just the pretty wholesome face they put on there to get peopel to join.

onoz!

Wait. You mean where people congregate and very sparse places are prime targets for crime? onoz! zomg!

The Tragedy of the Commons

Once again, the brats are finding out that no one spanks them for hogging all the toys for themselves, thus ruining the park for everyone, themselves included.

They've ruined

• Halloween with their pins and razors
• The rivers and lakes with their pollution
• Usenet and email with their cursed spam
• Flying with their crazy jihad
• The cities with their gang banging

And now

• Social networking

What's next? Will they float massive billboards in the sky to advertize their stupid products, begin jamming satellite radio to fill the airwaves with their putrid commercials, or introduce genetically modified weeds that spell the name of the unholy goods they push to us in 72000 point Courier as we walk through what were previously our own yards?

/rant.

Wait...

Wasn't Webshots already malware?

Ads Either Way

[Neil+Hodges]

With this adware, users will be able to enjoy ad infestations both while on and off MySpace.

It's already outlawed

[Chemisor]

Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison. Considering that quite a few of them show advertisements (adware) or contact some global host owned by somebody (spyware) it ought not to be very hard to follow the money and find the culprit. Web sites have ownership, and so are trackable. Companies have ownership, and so can be found. Companies that sell stuff can definitely be found and very easily. Why isn't the police arresting them?

Re:It's already outlawed

[sm62704]

Hacking into some system, to install malware or whatever, is already illegal. One wonders why these people are not more often found and thrown in prison.

The prisons are too full of drug users.

Re:It's already outlawed

[Squigley]

> Why isn't the police arresting them?

Is our children learning? :-)

Sorry, couldn't resist.

-1, there mods, I did it for you :-)

Some people don't know how to tag

I know this is a tad off topic, but you would think Slashdot readers - of all people - would know how to tag. But I continuously see the word "duh" as a tag, for bloody near every story. Why? It's not a very descriptive tag. And the smug asshat who uses duh tag is really showing how stupid he is.

Start tagging right people, or get off slashdot. Maybe Yahoo answers will take ya!

Captain Obvious!

[ScottyKUtah]

In addition, Dan Moniz, a security consultant in San Francisco, recommends using a browser other than Internet Explorer.

Isn't that preaching to the choir around here? The only thing I could making it worse is to be using AOL to fire up IE, then hit myspace.

Advice for Parents

[spywhere]

127.0.0.1 localhost
127.0.0.1 myspace.com
127.0.0.1 webshots.com
127.0.0.1 aol.com
...
...
...

The kids will hate it, but they're not the ones who pay me.

ummm?

[minus_273]

zanga or zango. The blurb above says zanga ( xanga is a blog site) and the linked article says zango. Is the author and the editor accusing xanga of attacking myspace?

Film at 11 ...

[darkuni]

9 out of 10 pedophile predators prefer hanging out where there tens of thousands of underaged kids instead of a church ... film at 11.

9 out of 10 spammers prefer large bodies of largely ignorant masses that will do exactly what they are told to do; that don't have a clue and don't want one ... film at 11.

Say ... does anyone remember like .. 5 years ago ... if you met someone online and established any sort of a relationship with them, you were considered a freak?

This just in ... people are fickle, bandwagoning idiots ... Film at 11.

Re:Film at 11 ...

[sm62704]

9 out of 10 pedophile predators prefer hanging out where there tens of thousands of underaged kids instead of a church

I'm confused; I thought 9 out of 10 pedophile predators were Catholic Priests?

Me!

[Z34107]

I used netstat to figure out why my IIS was unreachable from outside the computer it was on.

Had nothing to do with port forwarding or NAT... a typo set my firewall to explicitly "block" the ports it used instead of "allow" them. Netstat didn't fix something like user error, but let me eliminate the other options.

Oh well.

Troll

[GrumpySimon]

Why is this post exactly the same as this one? http://it.slashdot.org/comments.pl?sid=198901&cid= 16297167 Mistakenly hit the cut'n'paste key instead of typing your own reply?

Re:Troll

[Corwn+of+Amber]

So what? I've done that too. (Not on the same site, but on the exact same subject.)

Plus, he's SO right. Idiots who click links to malware deserve whatever happens to them. That, and a beating. A beating every time. Maybe Pavlov's will work even on idiots. I know for a fact it even works on sub-par animals.

Re:Troll

[GrumpySimon]

The OP cut and pasted someone ELSEs +n insightful post (I linked it above). I have no problem if you want to repeat yourself, that's fine, but stealing someone elses glory is just lame.

Re:Troll

Get a life, tool. The post police are having a heyday!! Idiot.

Re:Troll

[GrumpySimon]

Wow, getting insulted by an anonymous coward. I'll be crying myself to sleep tonight.

Ahem!

How about this...you are so bored and gay that you have nothing better to do with your time? What are you going to do next, watch hentai with your boyfriend? Get off slashdot, queer.

An Alternative Way of Thinking

[ThinkComp]

I agree with a lot of other people here: this isn't that surprising. However, social networking is a fairly powerful medium in that you can give masses of people incentives to sign up and hop on the same bandwagon simply by having other people around, which is effectively costless. Knowing this, the idea behind CommonRoom (http://www.commonroom.com) is to use that kind of momentum, however frivilous its basis is in reality, to specifically *prevent* these kinds of attacks from taking place by validating everyone on the network (also not a new concept, just rarely done in practice). We have yet to see what might happen if a generally-available network authenticated everyone--would it have the same degree of malicious code in the forms of spam, viruses, and spyware? My guess is no, but I guess we'll find out eventually if CommonRoom or something like it ever catches on.

Headline should read...

[aztektum]

Anywhere people might congregate attracks liars, thieves and cheats...

The online world is no different than the real world. Look at security for huge sporting or other public events. Look at the joke our airports are.

If a lot of people are going to be spending time somewhere, online or real world, shader fucks will show up and try to screw shit up at some point.

Headline should emphasise WINDOWS

[toby]

Browse safely with a Mac or from Linux instead.