Video depicts how cybercrooks spread poisoned links on Facebook

Sophos senior technology consultant Graham Cluley has produced this illuminating video (see below) depicting how intensively cybercriminals are spreading poisoned links on Facebook.

Malicious attacks circulating within popular social networks are following a trajectory, much as e-mail phishing attacks did in the early- to mid- 2000s. Cluley is among those security experts who contend that Facebook should be doing a more thorough job of filtering poisoned links.

Jamie Tomasello , director of security operations at messaging security firm Cloudmark, says social networks have actually conditioned the behavior of users to make them susceptible to the attacks we’re now seeing.


“With the rise of the dynamic, short messages, popularized by Twitter and mobile text messaging, users have not only reduced their response time to short messages and updates within social networks, but they are more likely to respond as well,” says Tomasello.

She notes that you don’t have to be logged into the social networking site to receive updates as smartphone apps constantly alert users to Facebook updates. “Unfortunately this desire to quickly be informed of the events of the world conditions users to read and respond without taking pause to consider the consequences of their actions,” says Tomasello.

While poisoned e-mail messages have plateaued over the past couple of years, the rate of social networking scams has increased, says Gunter Ollmann, research vice president at network security firm Damballa. “It’s generally much easier to reach a large audience and fool them into clicking on a link within a social networking application than it is with embedding it within an email.”

Certain criminal organizations have spent time and resources refining specialty expertise useful for social network attacks. They are making a good living acting as facilitators, or subcontractors, if you will, for campaigns like the ones described in this video, says Ollmann.

“Things are absolutely getting worse, there is just no sugar coating this problem,” agrees Anup Ghosh, founder and chief scientist at browser security company Invincea. “The adversaries are making the user the unwitting accomplice in the breach of their own home networks and more dangerously, the breach of the nation’s corporate and government networks.”

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone