Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Chain Letter Hoaxes Transform With Social Networking

InfoSecurity Europe : 08 March, 2010  (Technical Article)
David Harley of ESET describes the way that chain letters have evolved since the last decade as social networking provides a new way of drawing readers
See our events guide listing for more details

The security issues around Facebook, Twitter and such have become a hot issue in recent years: most security conferences and expos currently list some Web 2.0-related presentation, or list social networking as a topic of interest in a Call for Papers. More generalist events and publications seem to waver between the need to restrict corporate access to such media and the need to make more use of them. Admittedly, there's been much coverage of high-profile incautious disclosure of profile information (for instance) by the likes of the Head of MI6. However, there's an equally pressing issue that hasn't attracted sufficient attention: the avalanche of incoming misinformation.

I've had a professional interest in chain letters and hoaxes since the 1990s, when Good Times and other virus hoaxes ran wild over Internet messaging services, generating mailstorms that gave systems administrators almost as many headaches as real malware. In fact, I sometimes think that the pseudoscience of memetics and "viruses of the mind" are almost more interesting than real malware because you can concentrate on the psychological mechanisms that drive both the hoaxer and his victim without being distracted by the technicalities of malicious code. Therein lies their appeal, of course: not everyone can code a Trojan, but anyone at all can invent a hoax.

In recent years, hoaxes have diversified: we see fewer virus hoaxes and "Bill Gates is sharing his fortune with anyone dumb enough to forward this email", and more of the kind of chain letter that extorts emotional engagement on the part of the recipient: tsunami hoaxes, photographs of missing children, wear red to show you support the troops, and so on. And, of course, there are new propagation channels.

Twitter has become a hotbed of instant rumours about celebrity deaths, non-existent dramas and disasters, and fake "Amber alerts" about kidnapped children. Facebook has less immediacy in the hoax department, but more persistence. For example, a number of Facebook pages have sprung up around myths and semi-myths that have previously circulated as chain emails, suitably modified to suit the Facebook environment. Others have reinvented the virus (semi-)hoax: for example, the Unnamed Application "spybot" that may have originated in more than one event, but appears to have been primarily due to a Facebook bug. (Though there is plenty of scope for malicious code in those FB applications so many people sign up for because their friends did.) But don't get the idea that all Facebook hoaxes are irritating but harmless fictions.

Cybercriminals, who are perfectly happy to make money any way they can, realized long ago that anything that creates a stir on Facebook or Twitter can be used for SEO (Search Engine Optimization) poisoning. In other words, if you start looking in Google or Bing for search terms like (in this instance) "Unnamed application", they make sure that the first results you get will be links to malicious sites. Most hoaxes are malicious, but they're also frequently linked to malicious code in ways you might not have thought about.

Eset is exhibiting at Infosecurity Europe 2010, the No. 1 industry event in Europe held on 27th - 29th April in its new venue Earl's Court, London. The event provides an unrivalled free education programme, exhibitors showcasing new and emerging technologies and offering practical and professional expertise.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo