Malicious widgets

You've heard of malicious Web sites – sites people go to by mistake which upload malicious software to their computers. Well, now social networkers need to be aware of malicious widgets. [Widgets are those mini applications people use to add fun and functionality to their profiles – e.g., a slide show, a music playlist, a map of where they've been, reviews of favorite books, a personal avatar, code that lets people call your cellphone from your profile, a blood alcohol content calculator (citing Andonomics data, Forbes reports that, "on Facebook alone, users have installed nearly 13,000 widgets approximately 765 million times").] "Secret Crush" is an example of a malicious widget – a rather mild one that's an indicator of what's to come, experts say. "Disguised as a legitimate 'Secret Crush' request" that tells a Facebook user that another user finds him or her attractive, PCWorld reports, what it really does is "secretly install an adware program made by Zango after it has been successfully downloaded." PCWorld says some 3% of Facebook's nearly 60 million users have downloaded it and, of course like all widgets, it's viral. "The Secret Crush program also tries to lure people who download the file to pass it along to other Facebook members they know." This is called "social engineering," coming up with just the right words, whether scary ("your account has been compromised") or compelling ("check out this cool party video"), to trick people to click or download. Malicious widgets are especially insidious, because "once people have been pushed into installing an application, it's easier to ask for more information to get them to finish the install," PCWorld points out. Phishers and malicious hackers too are increasingly relying on social engineering to steal money and identities. Which means it's increasingly imperative to help our kids develop their mental filters so they get better and better at detecting and blocking malicious social engineers.

Another example on the social Web is a worm on Google's Orkut social site (very popular in Brazil) apparently designed by a non-malicious hacker to show users how social networking can be "dangerous" even if they don't click on something. What it does is send some Orkut users "an email telling them they had been sent a new scrapbook entry – a type of Orkut message – on their profile from another Orkut user. They only had to view their profile to become infected by the worm, which added them to an Orkut group" called "Infected by the Orkut Virus," PCWorld reported in another article. There there's the latest security story: "Using a hacked MySpace profile, online criminals are trying to trick victims into downloading a malicious Trojan Horse program by disguising it as a Microsoft update, PCWorld also reports. Finally, here's the UK's VNUNET's look-ahead on "cyber-gangs."

Leave a comment