Beware of Malvertising on Social Networking Sites

The use of social networking sites, such as Facebook, MySpace, Twitter and blog sites, rose significantly in 2009 and will likely continue to do so this year. In fact, according to Rob Housman, Executive Director of the Cyber Secure Institute, over 300 million people actively use Facebook, and Twitter is growing at a staggering 1382% each year! That is a lot of exposure and hackers are taking full advantage of this opportunity by creating new ways to disseminate malware/spyware through these sites.

One such method that has become an increasing threat is the use of malicious advertising, now commonly referred to as “Malvertising.” Malvertising consists of placing publicity material on web sites or social networking sites that incorporates a direct or indirect link to the installation of malicious software. In this way, each person visiting the web site where the online advertisement was placed becomes a potential victim.

A great way to avoid malicious software being spread this way is for your company’s users not to visit these sites except for specific businesses purposes. Limiting use of social networking sites to business-related activity can help limit your exposure to these risks. At the very least, you should NEVER download any software program where you are not 100% sure it is from a trusted source.

The Google Online Security Blog provides some additional simple tips to help avoid becoming a victim of malvertising:

• Make sure your company’s browsers, operating systems, software and plug-ins are all updated regularly. 3D ProActive™ Managed and 3D ProActive™ Partner clients receive many of these updates on a regular basis as part of their automated maintenance.
• Be aware that malware can be disguised as antivirus/antispyware software in order to trick people into buying or downloading it. Fake (and harmful) software of this kind is known in the web security community as “rogue security software.” To avoid getting tricked, always research a company’s reputation before downloading its software or visiting its website, and be wary of unexpected warnings from products you haven’t installed yourself.
• Exercise caution whenever you’re prompted to download an email attachment, follow an instant message link, install a plug-in, or download an unfamiliar piece of software.
  3D provides a variety of security solutions to protect businesses from falling victim to malvertising and many other network threats.

For more information on how 3D Corporation can provide security solutions to protect your business from potential malware, spyware, and other threats to your network, visit our website at http://www.3dcorp.us/, email us at info@3dcorp.us, or call us at (360) 671-4906.

References: “2010: Cybercrime Coming of Age” white paper – January 2010; “Protecting Users and Ads from Malware”, Google Online Security Blog; “Cyber Secure Institute Statement on Malware Explosion and Social Networks”, Ad Ops Online