Here we go again! Just over a week ago, many Acai Berry tweets were sent throughout Twitter from bogus accounts. These Twitter messages are promoting a free trial of an acai berry dietary supplement. Security experts say that social-networking spam is particularly effective because it can’t be filtered at the corporate firewall and appears to come from a friend of the recipient.
These messages aren’t coming from friends you may know; those accounts were hacked. Hacked accounts aren’t the only ones spreading the dietary supplement, either: the messages are also coming from new squatted accounts created months ago. This strategy allows the spammer to build up followers before attempting their trickery.
The shortened links can fool anyone into believing they’re legitimate, but think again: they lead to websites that are full of Malware.
Here are some facts about Malware-infected sites:
Web-based Malware more likely to be found on older domains
The common assumption that most web-based Malware resides on less reputable websites, perhaps touting adult content, was called into question when MessageLabs Intelligence identified that cybercriminals appear more likely to hide malicious content on older, well-established domains that have either been compromised or are hosting Malware in breach of their terms of use. The latter is typical of domains connected with social networking environments, which provide mainly user-generated content.
MessageLabs Intelligence data from the week of 5 May 2009 revealed that:
- 84.6% of website domains blocked for hosting malicious content are well-established domains that are over a year old
- 15.4% of domains blocked are domains that are less than a year old
- 10.2% are domains that are less than a month old
- And 3.1% are domains that are less than a week old
Older domains are almost certainly more likely to be well-established and more reputable, and the likelihood that they are legitimate sites that have been compromised in some way is increased.
Domains that are only a week old or less and implicated in hosting Malware are more likely to be temporary sites set up with the sole purpose of distributing Malware or spam, such as the numerous domains that exist solely to distribute rogue anti-spyware or anti-Malware products.
Very new sites are often found to be used by affiliates, in order to redirect visitors to another site. This helps to ensure that they receive payment for any click-thrus that their sites generate, but sometimes they will include drive-by attacks, using hidden HTML IFRAME exploits, for example.
Be extra careful before clicking on any link on any of the social networks.
It’s kind of a pain sometimes, but I’ve been using the Firefox NoScript add-on. You basically have to authorize every website you go to, and any script executions on it. It’s a pain because a lot of sites use multiple scripts, so for example, if you’re registering for a site, you have to allow the main site, the captcha, the cdn, etc. But it also warns you if there is something malicious, which is the important part.
~ Kristi
Kristi,
I use the same add-on, but I also use my WOT add-on as well.
I can’t imagine anybody being too scared that you have to authorize every single script that comes your way on the internet. Reminds me of my first install of Zone Alarm! What a pain!!
However, I am using the “bit.ly preview FF addon” and it at least shows the full URL of practically every tinyURL seen on the social sites …
Hart,
Like everything else, just take precaution and look before crossing or clicking in this case.
While NoScript is controversial lately, I pretty much agree with Kristi . . . it’s a pain but a very useful tool in the layered defense arsenal, especially if you’re visiting suspicious sites (which Frank and the rest of us WOT raters do a lot).
However, I do have to add that when I am having problems navigating a legitimate site, NoScript is frequently the culprit. I use the x10 free hosting site for building my brother-in-law’s web site (a work in progress), and the pointer was flashing and blanking out and I wasn’t able to navigate the x10 control panel. Even though I had whitelisted the site in NoScript, I still suspected it. When I disabled NoScript completely, the erratic behavior stopped.
Of course, I re-enabled NoScript when I left the site.