Stay Safe on Social Networks

Social networks are getting more popular and people around the world are using Facebook, Twitter, YouTube and other social networks daily. There are good sides of social networking like you could share your knowledge and discuss about topics which are you interest to the world. Companies also relay on social networks to promote their products and news and to get feedback from people in order to improve their products and services. However, there are dark sides in social networking which you should be aware of. One of the biggest challenge of social network is there is no practical way to verify identity of a user. Consider Facebook for example, when you create a new account, you could enter any detail that you want. You could enter wrong details about your age, name, country of birth, etc. There is no one asking you to enter your identity card and do verification and checking. There are many people who take advantage of this issue to finding victims on social networks. To be able to protect yourselves and your identity, it is recommended to follow these practices:

  • Control what you share: Sharing is good, you might visit a new places, find new adventures and you want to share it with your friends and family which is good but you have to make sure you don’t share too much information on social network. You could trust your friend and family but imagine one of your friend’s Facebook account been hacked and cybercriminals have a full access to all of his or her information, which means they could also see everything you have been shared with your friend. So think before share and do not share personal and private information on the social network even though your friends are already know them.

 

  • Be careful when you find a new friend online: Of course you should be careful when you find a new friend whether it is offline or online. But you should be extra careful when you find friends on social network. It is good idea to check their identity and do a verification before you accept new friend and share your details. Cybercriminals tends to do a research on victims and create a profile with interest similar to the victim. For example, if they know you like movie A, B, C and you traveled to country X and Y. They will create a profile with similar interest and they attempt to approach you in that way. Remember, social networks never ask you to present your identity card and you could enter whatever information you like and even everything is fake, no one is there to verify. In addition, the moment you share you information with someone or accept their request to be your friend, you couldn’t take back what you share easily. For one example even though you remove them as your friend and block access to all shared files, they might already downloaded your photos and personal information in their PCs.

 

  • Verify your existing friend: There are many people with same or similar family name and name or there are people who want to pretend to be someone on internet. If your friend has a Facebook account, it is good idea to verify that the Facebook user or account which you are connecting to is really belongs to your friend and if you receive invitation from your friend to add you to Facebook, verify it is really come from your friend and not someone with the same name or in worse case, a cybercriminal.

 

  • If you are parent , control your child: Some parents are very restrict with their children and they won’t let them to get involve in social network at all , while others give their children too much freedom and they don’t care about what they are doing. Both cases are not a good practice, social network is not very dark so you could take advantage of it to learn new things, while it is not very light that you could fully trust it and there are dark sides. You should have a trusted control on your children’s social network activities. There are good recommendations post on Microsoft Family Safety website.

 

Social networking is great and it is new opportunity to connect to the world. However, you should be careful when you are using social networks. Following simple rules and practices will make your social networking experience even better.  

Link to Malware from YouTube

YouTube is a website that people could upload video and watch video. It becomes popular nowadays and many of internet users visit that website. However, popular things for users also are popular things for bad guys, because they want damage more people. Therefore, bad guys again try to plan something against internet users and try to harm them. Here is one of the examples of how bad people try to get advantage of websites such as YouTube to harm you. Have a look at image below; it is one of the examples of attack.

 

 

 

 On the right side of this page it is a link to a website that contains Malware (don’t look for it I removed that part). First question that you should ask before click the link is ‘why this content will remove?’ What user usually does is that click the link (that they should not) and link to a website similar to below one.

 

   

Here is when the real story will began, the website ask you download an Active X, look at Active X message carefully, it is not from Windows, because ActiveX in Internet Explorer is blue bar on the top not this message. If you click on continue it will install a Malware for you and that easy you will infected. See how far you go, from watching video in YouTube till downloading Malware. Again Malware is Virus, Worm, Trojan, Spyware, Rootkit and all of these bad things that will harm your PC or your Privacy or both. Now let me tell you how to defend this, if you are using Internet Explorer 8, you will have SmartScreen Filter , It should block the website that contain Malware , if not then use Safety->SmartScreen Filter->Report Unsafe Website to report these bad website if they are not detect by Internet Explorer 8. Then let say you install Malware, your Anti-Virus is there to detect it and remove it for you. I recommend that in this case you also inform YouTube team about the issue by following URL: http://www.google.com/support/youtube/bin/answer.py?answer=77402

And tell them that this website links me to a Malware and put complete URL of YouTube website that contain Malware. Do not trust any one and any link, make sure you that if you are visiting a Video in YouTube website, you will see it right there and not in external link or website or do not trust links that say that to view complete Video visit following website. Internet Explorer 8 and Anti-Virus are there to help you but you must be careful and report any suspect security issue to person in charge of Security in website, in this case YouTube Security Team.

Protect against facebook’s hack.

I believed that many of you are using Facebook and you have a Facebook account. I am going to discuss about Facebook security. How to keep your Facebook account safe and secure against threats. Facebook account will associate with an email address, which means that you should have email address account and then provide it as username in Facebook and you have password. These are all you need to be able to log on to your Facebook, but many bad things could be happen. Let me give you some scenarios:

 

1)      Your friend told you that I received a strange message from your Facebook or something strange has been post in your Facebook wall such as:  Ha Ha Ha you have been hacked  or This account hacked by … or any other message. Sometimes you will see a link to some website that contain Malware (Virus,Worm,Trojan, …) .

 

2)      Some new friends were added or some of your friend has been removed. You didn’t add or remove them but they have been removed without your knowledge.

 

 

3)      You are typing correct username or password (your Caps Lock which make alphabet capital is off) but you could not access to your account.

 

4)       Your friends ask you about messages that you never send them.

 

 

When these scenarios happen then your account probably has been hacked. When your account been hacked then it is possible that email that you have been register for Facebook might be hacked too. So let me talk about some of method of hacking Facebook and how to protect you. Firstly, when your account has been hacked mostly problem come from you not Facebook server, because hacking a Facebook user is much easier than hacking Facebook servers. In many cases hacker will look for your Facebook ID and then will try to find your IP Address that associate with Facebook ID and will send a package containing Remote Access Trojan (RAT) to your PC. What is it? when it is type of Trojan that when came in your PC give unauthorized remote access to attacker(Hacker) and hacker could take control of your PC and do whatever he or she want like what you can do with your PC (take control over Screen, Mouse, Keyboard and everything). Some of hacking software are design only for Facebook account and after RAT goes in then will scan for Password that been save inside PC and try to record it or decrypt it (open or crack password) and when it gain access then give ability to hacker to control your Facebook, like normal user. Hacker can do whatever user will do in Facebook account including add/remove friend post in wall or send an email. Just imagine you give your password and username to some of else. Having username and password would be enough to access Facebook. Sometimes software designed to automatically scan for user and hacked them and put a message automatically. These are usually called Botnets. Here is example of how they work:

1) Scan for Facebook IDs

2) Attempt to find user IP

3) Send Trojan package to that IP

4) Trojan Execute and scan for all friends in Facebook (your added friend in Facebook account that been hacked).

5) Send link to all of them (this link contain Trojan)

6) This link contain download for Trojan and your Friend will download a Trojan

7) Same process will happen for them

 

Win32/Koobface is one of the famous worms (Malware that spread over network) that affected Facebook. But don’t scare, I believe that many of people who read this scared or plan to shutdown their Facebook account. But it is not like that; first you should run Genuine Windows and Anti-Virus and update them all and keep them running. I mention that it will find your IP and send Trojan to you, but Windows Firewall is there and block it for you. Let say your Firewall is off, then your Anti-Virus will remove it. So you see very basic thing, could help you a lot. Many people have been infected with this threat. Why?

 There are three main things that will help this Worm to come to your PC:

1)      Pirate Software(non-genuine)

2)      out of date Windows/Anti-Virus/Anti-Spyware (not updated)

3)      No or Off Anti-Virus and Anti-Spyware

Internet Explorer 8 came with a feature called SmartScreen filter. If you have Internet Explorer 8 and SmartScreen Filter is on, then if you link to Malware website it will block it. As I said a Threat could send a message (a link) on behalf of compromised user to his or her friends, SmartScreen filter would help you here.

What if you already had been compromised?

People might ask that I am using Facebook and it already been hacked what should I do? Then you do as follow:

1)      If you are using pirate software then migrate to genuine one. If you are using non-genuine, security solutions only could help you for a few month not forever.

 

2)      Scan your PC for Malware and remove them:

For Windows XP

For Windows Vista and Windows 7

 

3)      Change Password for you Facebook and your email that you use to login in Facebook (Hotmail, Yahoo, etc).  

4)      If you don’t have any Anti-Malware, then you could use Microsoft’s free Anti-Malware which is Microsoft Security Essentials at : http://www.microsoft.com/security_essentials/

 

5)      If you could not reset your Facebook account , then use this following website to request reset: http://www.facebook.com/help/contact.php?show_form=account_hacked