A companion blog for my computer services business. This blog focuses on prevention so we can all save time and money.

Tuesday, December 21, 2010

Social Networking security


While the days of e-mail viruses certainly are not over, the proliferation of social networking sites all over the world has provided many computer hackers and script kiddies alike with easy access to millions of unsuspecting computer users. For many years IT experts and administrators were able to quell the stream of e-mail viruses with the simple phrase "don't open e-mail attachments." Easy for the computer experts to say, not so easy for everyday users in practice. Just as most people ignored computer geeks when they said, "don't open e-mail attachments," likewise will all attempts at getting people to "just not use Facebook or MySpace" fail.

Below are a few solutions for those who can't give up their favorite social network and are tired of getting or sending links to free iPads to and from their Facebook friends. First, let me take a moment to briefly explain how one of these many popular exploits works in the ever-evolving Web 2.0 age.

One technique rising in popularity that is used today to gain access to confidential information or to take control of a user's social networking account is called clickjacking. This technique layers a web page (sometimes a real one) with another, transparent layer over the top, which is what the user is actually interacting with. When the user attempts to click buttons on the underlying page, the transparent layer executes code that can compromise a computer system or user account.



This technique is very popular on Facebook and has exploited the Like feature with great success. Facebookers may recall the Justin Bieber phone number clickjack from earlier this year in which a user's friend may have Liked an apparent link to Justin Bieber's presumably leaked cell phone number. The unsuspecting Bieberite Liked it themselves or clicked on the link in a desperate attempt to send a text message to the teen pop star. This particular Bieber vector didn't seem to execute any viruses or malware but others utilizing this Facebook exploit have, perhaps resulting in thousands of computers being added to a spam or criminal botnet. Many may instinctively know that if J. Biebs' cellly shows up on the Fbook it's probably too good to be true but there are always going to be some that just can't take the chance to miss out on the Bieber digits, no matter how far-fetched the idea may be--in fact, the more far-fetched the message or idea, often the more successful the attack will be.

So what about prevention? As most Firefox users are aware by now, there's an extension for almost any Internet nuisance or nuance! In this case it's called NoScript and it provides great (free!) protection from clickjacking based on what is called a white list. This means that NoScript will not let JavaScript, Flash, Silverlight, or any executable content run unless the site has been approved by the user. Approval can be granted on a temporary or permanent basis, which means the program will adapt to your browsing habits (cataloged in the white list) and eventually run in the background (until it reveals itself as needed). It may seem annoying at first when you have to click an extra button or two to get YouTube videos to run or see the cool navigation bar on your favorite Foodie Blog but it is well worth it in terms of security. This also comes with the added bonus of blocking all Flash-based ads by default which can save time and money if you have a slower connection or your bandwidth is metered (a practice that is becoming increasingly popular especially over wireless networks). Flash ads also have a tendency to be amplified to what seems like five or ten times the normalized volume level. Did I mention that this solution is free?

Right about now is when most computer users may say, "What's Firefox?" Hopefully that's not you but if it is, there is hope for you yet. For Internet Explorer (and Firefox) users there is a commercial (read: costs $) solution called GuardedID. I've never used this program so I can't vouch for its effectiveness or how large it is in terms of hard drive space and system resources. Microsoft also claims that IE8 comes with clickjacking protection built in, but some are skeptical of those claims.
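Browser-enforced clickjacking protection only works when the site itself declares that it must not be framed, through the `X-Frame-Options` response header (the mechanism IE8 introduced) or the later CSP `frame-ancestors` directive. The following is an added example, not code from this post: it checks which pages in a set of responses a third-party site could still layer inside a frame. The URLs, origins and header values are constructed samples, and the function names are hypothetical.

```javascript
// Added example (not from the original post). Assumptions: header names are
// already lower-cased, framing is one level deep, and frame-ancestors sources
// are limited to '*', 'self', 'none' and exact origins.

// Return the source list of the CSP frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Would a browser let `embedderOrigin` display a page from `pageOrigin` in a frame?
function canBeFramed(headers, pageOrigin, embedderOrigin) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When present, frame-ancestors takes precedence over X-Frame-Options.
    // An empty list or 'none' matches no embedder at all.
    return sources.some((s) =>
      s === "*" ||
      (s === "'self'" && embedderOrigin === pageOrigin) ||
      s.toLowerCase() === embedderOrigin.toLowerCase());
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === pageOrigin;
  // Missing or unrecognised value (including the obsolete ALLOW-FROM):
  // no restriction is enforced, so any site may overlay this page.
  return true;
}

// Constructed sample responses for a fictional site.
const SAMPLE_RESPONSES = [
  { url: "https://social.example/like", headers: {} },
  { url: "https://social.example/settings", headers: { "x-frame-options": "DENY" } },
  { url: "https://social.example/widget", headers: {
      "content-security-policy": "default-src 'self'; frame-ancestors 'self' https://partner.example" } },
  { url: "https://social.example/legacy", headers: {
      "x-frame-options": "ALLOW-FROM https://partner.example" } },
];

// List the pages an untrusted third-party origin could place in a frame.
function findFramable(responses, untrustedOrigin = "https://untrusted.example") {
  return responses
    .filter((r) => canBeFramed(r.headers, new URL(r.url).origin, untrustedOrigin))
    .map((r) => r.url);
}

console.log(findFramable(SAMPLE_RESPONSES));
```

Any URL this reports is a page where the browser has nothing to enforce, which is why client-side tools such as NoScript remain useful on sites that send no anti-framing header.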

If you haven't switched to Firefox yet, now is as good a time as any to do that.

Or, I guess you can always stop using Facebook, MySpace, etc.