Malware findings 2007: Social networking security concerns

According to FaceTime Security Labs, the increasing threat over this past year has been the boldness of a growing underclass of glory hackers on social networking sites such as MySpace. The danger to corporate networks lies within the growing tendency for workers to blur their work and personal lives, often surfing these social networking sites on their work PCs and so exposing the organization to information loss, inbound malware threats and compliance risks.

In November 2007, The Bandjammer Trojan ran rampant through MySpace music profiles. Once a band’s MySpace page had been hacked, an invisible background image was created that linked to a dangerous site. Visitors to the hacked profile had their browsers hijacked, with the Trojan installing fake toolbars warning of a possible spyware infection, which included a handy link to click for a free scan which in turn took victims directly to various porn sites.

In the height of the holiday season, many MySpace users received a friend request from a “fake Tom,” with the promise of free ring tones. The messages appeared to be from Tom Anderson, president and co-founder of MySpace, who users meet as their first friend when signing up for a MySpace profile. MySpace quickly deleted the fake profiles, but hackers quickly regrouped with new fake profiles sporting Tom’s famous profile photo associated with random first names.