Archive for October 2010

Social networking currently presents a larger threat than email

October 29, 2010

Now that email has been in the public consciousness for a couple decades, most of us know how to avoid viruses and scams that are propagated through messages. According to many experts, though, the skills that internet users need to help them avoid malware disguised as benevolent email attachments don’t help them avoid clickjacking and other attacks commonly used on social networking sites. Social networking, therefore, currently presents a larger threat than email.

Talk to any internet security expert, and you’ll find that hackers have directed their attacks at social networking sites such as Facebook and Myspace. Panda Security, for instance, recently wrote a report showing that likejack attacks have become increasingly common as the popularity of social networking sites has grown.

Clickjacking is a big threat right now largely because so many people don’t know how to protect themselves. We’re wary of email attachments, but we don’t think about the potential danger involved in “liking” something online. As this threat continues to become more pervasive, though, it is likely that more people will learn how to avoid it.

Unfortunately, this isn’t the only reason that clickjacking is so problematic. It’s also a matter of technological limitations. Security software engineers have had a very hard time developing programs that can identify clickjacking attacks. That’s because the attacks take advantage of a founding element that’s built right into the internet’s structure. In comparison, email virus protection was easy to develop.

It could be some time before the casual internet user knows how to avoid clickjack attacks. By that time, it’s almost certain that hackers will have moved on to a new format that will create even more problems. This creates an endless cycle, a cat-and-mouse game that puts us all at risk.

Instead of solely relying on antivirus software, it’s up to each of us to learn how to avoid the latest devices used by hackers. Putting our brains first is the only way that we’re going to avoid malware. At that point, we can rely on software as a fail-safe that offers another level of protection.

Making Facebook more secure and fun

October 26, 2010

Facebook isn’t a whole lot of fun when you’re constantly worried about likejacked links that could endanger your computer’s security. Until recently, though, there hasn’t been a whole lot that Facebook members could do to avoid clickjacked links on Facebook. The best strategies were to pay attention and pray.

As Facebook and other social networking sites have become more dangerous to casual computer users, security organizations have looked for ways to stop clickjackers from stealing the fun from the internet. BitDefender, though, recently released software that can make Facebook safer and more fun.

The app is called SafeGo. It has been specifically designed to protect Facebook users from clickjacking attacks. When you use SafeGo, it alerts you to potential security risks and highlights compromised links. It even manages to make computer security lighthearted and fun. When you install the SafeGo app, it asks you to take a brief quiz designed to estimate your security risk. Most of the questions, however, are outlandish. If you are a fan of the surreal, then you’ll enjoy taking the quiz.

After completing the quiz, SafeGo will show you compromised links from your friends. This gives you the opportunity to alert your friends about the security risks.

In order to take advantage of BitDefender’s new application, you are going to have to trust the company a bit. The SafeGo app needs access to your computer that you typically wouldn’t give most programs. So far, there aren’t any reports of the company misusing the security pass, but there is always the chance that they, or someone with access to their information, could use SafeGo to bypass your security efforts for nefarious purposes. Chances are that you will be safe. Still, you should always know that there is a risk potential.

Getting clean after a clickjack attack

October 25, 2010

If you’re searching for information about clickjack attacks, then there is a good chance that you’ve already been nailed by some sneaky hacker. While it is important for you to learn how to avoid clickjacking in the future, it is equally important for you to learn how to make sure the attack hasn’t caused any harm to your computer. In essence, you need to learn how to clean up after the attack.

The first thing you want to do is identify any malware that has been installed on your computer. A clickjacked page can install viruses, worms, keystroke loggers, and other types of malware without your knowing it. So what’s the smartest way to identify and eliminate malware? Use two antivirus programs to scour every section of your computer. Be sure that you choose reliable software by checking the ratings at cnet.com.

After you find two programs, perform a thorough sweep. Most antivirus software allows you to adjust its search parameters. Set them as wide as they will go to locate hidden malware.

If you have been clickjacked on Facebook, then you will need to remove any status updates that the link might have added to your profile. If the likejack has added any applications to your profile, you should delete them as well. You might also want to post an apology to your friends just to let them know that they shouldn’t follow the link.

Your computer should be safe to use now. In the future, be sure to run your antivirus software at least once a day. Alternating the software throughout the week will help ensure that you catch every piece of malware that sneaks onto your computer.

Many internet users still unaware of clickjacking

October 19, 2010

Despite the risk that clickjacking poses for just about everyone who uses the internet, it would seem that some people are still unaware of what it is and what type of threat it poses. That’s the only explanation I have for continued news coverage referring to likejacked pages as the “newest” threat online.

I check Google’s news results for clickjacking every few days, and I’m constantly surprised by news reporters who continue to write about this issue as if it’s a brand new problem. Sure, the popularity of social networking sites has led to a larger number of clickjacked sites than we had a couple years ago, but the threat hasn’t suddenly appeared out of nowhere.

What’s the big deal, you might wonder, with reporters showing up a little late in the game? After all, the information is there for anyone who wants to find it.

That’s true, but clickjacking and ignorance are linked. If we ignore what this scam does, then we become patsies perpetuating the problem by sharing clickjacked links. Also, an ignorant group of people doesn’t know what types of security options to demand from websites like Facebook and Myspace. These sites aren’t going to drastically alter their approach to security because a few specialists complain. They’ll only make real changes when the vast majority of their users start to ask why the sites aren’t doing more to protect them.

Obviously there are a lot of internet users who don’t know much, or anything, about the threat of clickjacking. And obviously it’s a good thing that reporters are telling these people to watch out. But it’s a shame that so many reporters have ignored the issue up to this point. The very fact that we still need articles about clickjacking is disturbing because it shows how far away we are from solving this problem and alerting the average computer user.

Phishing with Blackhat SEO

October 11, 2010

Recently, I’ve been wondering about whether hackers could establish clickjacks that show up in Google’s top search results for certain keywords. Blackhat SEO strategies would involve creating web content that focuses on popular stories in the media. For instance, the sites might use content that is dense with keywords related to a chart-breaking musical group, or they might focus on Lindsay Lohan.

The subject matter isn’t really all that important as long as it’s popular, so let’s just assume that the fictional group Tailspin has released the number one single in America. A blackhat SEO specialist develops content that focuses on Tailspin-specific keywords. This helps the post reach a higher spot in Google search results.

Just including keywords isn’t going to cut it. The blackhat SEO specialist would also have to include incoming and outgoing links that make the page seem important enough to Google’s ranking parameters. If someone had control of enough pages, then this would be very possible. It would, however, take a lot of work.

Assuming that the clickjacked page attracted a fair number of visitors, it would start to move up the ranks toward the first page search results. Eventually it could become the most popular post about Tailspin.

This scenario is possible. But is it likely? Do we really have anything to worry about?

I’m leaning towards “no.” Here’s why…

This is a phishing strategy that relies on thousands of people falling for the setup. The page would, therefore, already need a good rank just to work at all. Since top search results in Google are usually dominated by popular blogs and online magazines, it’s unlikely that the clickjacked site would ever gain prominence.

I think that concerns over clickjacked Google results also deny the reality of SEO services. Professional agencies spend months developing sites that will hit top rankings, and they charge a lot of money for the service. Assuming that the same level of work goes into the clickjacked link, the Blackhat SEO specialists could actually make more money finding a real client. Who would spend hours and hours of work without any guarantee of even the slightest level of success?

And the final reason: I think that Google would catch on to this pretty quickly and remove the clickjacked page from its results.

Does this mean that Blackhat SEO phishing attempts cannot work? No, it just means that it’s very unlikely. I wouldn’t say that it’s impossible. But if I say it’s never going to happen to you, then I’ll probably only be wrong once in a million times.

Clickjacking represents a serious problem for some employers

October 4, 2010

Most employers worry about viruses, trojans, and other types of malware that infiltrate their systems via emails. A recent survey, however, shows that employers might want to have their IT managers shift the focus from email to internet security risks. According to Panda Security, cybercriminals have been devoting more of their resources to clickjacking techniques rather than email scams.

Clickjacking uses an invisible frame that sits on top of an image or link. When you look at a web page that has been clickjacked, you will only see common images, buttons, and links. By and large, they look just like other websites. Actually, that’s the point because the criminals want to convince you that it’s perfectly safe to click on the pages. Unfortunately, when users click on certain elements, they click on invisible links that hover above the elements that they can actually see. Clicking on the invisible links can unleash troublesome malware.
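The layering described above can be looked for in a page's source. The following Python heuristic is an added example, not code from the original post: it flags `iframe` elements whose inline style is both transparent and positioned over other content. The sample page, the `.example` hosts and the 0.1 opacity threshold are constructed assumptions, and styles applied through stylesheets or scripts are not examined.

```python
from html.parser import HTMLParser

# Constructed sample (not from the original post): a visible button with a
# transparent frame stacked over it, followed by an ordinary visible embed.
SAMPLE_PAGE = """
<button id="play">Play video</button>
<iframe src="https://social.example/like-widget"
        style="position:absolute; top:0; left:0; opacity:0.0; z-index:10"></iframe>
<iframe src="https://video.example/embed/1" style="width:560px; height:315px"></iframe>
"""

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def overlay_reasons(props):
    """Return the reasons an inline style looks like a hidden overlay."""
    reasons = []
    try:
        if float(props.get("opacity", "1")) <= 0.1:  # assumed threshold
            reasons.append("near-zero opacity")
    except ValueError:
        pass  # non-numeric opacity (e.g. 'inherit') is not evidence either way
    if props.get("position") in ("absolute", "fixed"):
        reasons.append("positioned out of normal flow")
    return reasons

class FrameAuditor(HTMLParser):
    """Collects iframes whose inline style is both transparent and overlaid."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attrs = dict(attrs)
        reasons = overlay_reasons(parse_style(attrs.get("style") or ""))
        if len(reasons) == 2:  # require both signals to limit false positives
            self.findings.append((attrs.get("src"), reasons))

def audit(html):
    """Return (src, reasons) for every suspicious iframe in the markup."""
    auditor = FrameAuditor()
    auditor.feed(html)
    return auditor.findings
```

Calling `audit(SAMPLE_PAGE)` reports only the transparent, absolutely positioned frame; the ordinary video embed is left alone.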

Currently, social networking sites are the easiest ways for criminals to spread clickjacking attacks. In fact, clickjacks on Facebook have become so common that they are now referred to as likejacks. The criminals who use Facebook frequently use the site’s like button to lure in victims.

Why is this such a problem for employers?

The Panda Security survey shows that 77 percent of employees polled admitted to using company computers to access social networking sites. Perhaps even more disturbing is that 33 percent of the companies included in the survey were infected by malware distributed through clickjacks.

The easiest solution is for employers to block Facebook, Myspace, and similar sites. Businesses that rely on these sites to communicate with their customers, however, might not have this option. Instead, they should focus on educating employees about the dangers of clickjacking and ways that they can protect their computers while logged on to social networking sites. In addition, using reliable antivirus software and scanning your computers for harmful files regularly can improve performance and stop malware from causing problems.