How attacks on social networks work

Symantec talks social-networking threats and how a new Norton Labs tool called App Advisor will stop them from attacking you.

Norton Labs' App Advisor scans your social networks for these kinds of attacks and blocks them.

SAN FRANCISCO--Symantec detailed some of the dirty secrets of Facebook, Twitter, and Google+ threats at its annual reviewers' workshop here today, and revealed a planned project to protect you from social networking manipulators.

The project from Norton Labs, currently called Norton App Advisor, combines Norton's Safe Web data with social network open API data to provide a safety rating for apps. It aims to prevent malicious apps that prey on your social network activity from collecting data on you and your friends, which Symantec representatives said was a major security concern.

"Social networks have a trust model built in, to trust posts from their friends. This trust model gets exploited by attackers, and it's difficult to distinguish between a post from a friend and a post from an attack," said Nishant Doshi, architect for Symantec's security response group that deals with browsers. He explained that the attacks are successful because they go viral, just like your latest favorite Nyan Cat video. They start small and spread fast.

There are basically three major kinds of attacks that show up on your social networking feeds, he told CNET. One is the drive-by download, in which somebody downloads ostensibly legitimate software that has malicious consequences for the host computer, or in which the malicious software download occurs without the person's knowledge.

Another threat would be a prompt to begin a download that looks like a required plug-in, such as QuickTime or Flash, but is actually malware.

The third kind of threat that Doshi discussed is a survey scam. The scam asks you to fill out a survey that looks like a legitimate personal information survey, but in fact takes your data and uses it in ways that you didn't think you were authorizing. "Once they get a [cell phone] number, they place telemarketing calls to you, sign you up for a [premium SMS] subscription service, or just sell the information [to data collection companies]. They're trying everything," he lamented.

It's essentially premium SMS spam that you've been conned into legally agreeing to.

These surveys use "gray" marketing to appear above-board when collecting personal identity data, then flip it to turn you into money, said Gerry Egan, senior director of product management for Norton. "It's a little bit like spam on steroids. If a scammer can figure out how to seed a scam on a social network, then it goes from a trickle to a flood in a very short amount of time," he said.
