SN spoof

If on Facebook/Twitter etc. you see an update or post from a friend/contact that looks like spam, i.e. looks like they are selling something for, say, a drugs company with a link to a website, and then you ask why they are posting that and they say they have no idea, it was not them, how could/has their account been “hacked”, so to speak? I.e. what has the user done to get infected, or is there a list of how it may have happened? And if somehow some malware is abusing their account for spam postings, how can you re-establish control of the account and ensure it doesn’t happen in future? Could it be a targeted attack, i.e. target the user's account, perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
pma111 Asked:

ahoffmann Commented:
> .. can you re-establish control of the account and ensure it doesn’t happen in future.
if you mean their (the other) account, hopefully not
*you* cannot ensure that things go wrong, for that the site owner (fb, tw, etc.) is responsible
to get rid of such threads you best do not sign in and block any web bugs they use elsewhere :)

> Could it be a targeted attack  ..
could be: yes, there are some such attacks known in the past

> .. can post spam or other such rubbish?
who defines "spam", "rubbish"?
if you have your definition set up, then it's up to you to ban SN, if you don't agree with their definition, don't use it, which is up to you again
0

pma111 (Author) Commented:
No, I mean if user A's account has appeared with 20 spam posts or tweets that weren't them, what does user A need to do to stop this happening to them again? If anything? Change password etc.?
0
btan (Exec Consultant) Commented:
what has the user done to get infected, or is there a list of how it may have happened?
>> User would have clicked on the URL in the email? Directed to a site to fill in more details that include email credentials or related PII? If the user has admin rights for the machine, the process may have already downloaded some appl and run it in the background... or it can even be some evercookie type downloaded into the system to track your surfing behaviour...

And how if somehow some malware is abusing their account for spam postings can you re-establish control of the account and ensure it doesn’t happen in future.
>> If it is Google, I recall they have last login and would spell some hints, esp. if the user has never logged in in that period. Worse is now web email has "stay logged in for a period", it may be calling some API supported by the Yahoo or Google email to upload info or manipulate further. Recall something like that in the GhostNet saga... But the sent box may have some traces of that... it would also be the source is spoofed though sending using your email signature (need to check email header)

Could it be a targeted attack i.e. target the users account perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
>> yes maybe, but for it to be targeted, are there values from the spam point of view? None, but I see targeted attack more as stealthy rather than being "loud". Their intent may be to get more spambots or build up their distributed botnet. Likely the weak password or guessing the secondary help question has allowed entry...
0
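Added example (not part of the thread and not any poster's code): one way to carry out the header check mentioned in the comment above, telling a message that merely forges the friend's From address apart from one that really went out through the friend's mail provider. The names `classify` and `_domain` and all sample addresses and domains are constructed for illustration, and the alignment test is simplified to an exact domain match.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample headers; every address and domain is a placeholder.
FORGED = """\
Return-Path: <bounce@bulk-mailer.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=bulk-mailer.example;
 dkim=none; dmarc=fail header.from=mailprovider.example
From: User A <usera@mailprovider.example>
Subject: Lose weight fast
"""
FROM_ACCOUNT = """\
Return-Path: <usera@mailprovider.example>
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=mailprovider.example;
 dkim=pass header.d=mailprovider.example;
 dmarc=pass header.from=mailprovider.example
From: User A <usera@mailprovider.example>
Subject: Lose weight fast
"""

def _domain(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def classify(raw_message):
    """Return 'forged-from', 'sent-via-provider' or 'no-auth-results'."""
    msg = email.message_from_string(raw_message)
    from_dom = _domain(msg.get("From"))
    # Only trust Authentication-Results stamped by your own receiving server.
    ar = re.sub(r"\s+", " ", " ".join(msg.get_all("Authentication-Results") or []))
    verdict = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", ar))
    if not verdict:
        return "no-auth-results"
    dkim_d = re.search(r"header\.d=([\w.-]+)", ar)
    # Simplified alignment: exact domain match only (no subdomain handling).
    dkim_ok = verdict.get("dkim") == "pass" and dkim_d is not None \
        and dkim_d.group(1).lower() == from_dom
    spf_ok = verdict.get("spf") == "pass" and _domain(msg.get("Return-Path")) == from_dom
    if verdict.get("dmarc") == "pass" or dkim_ok or spf_ok:
        return "sent-via-provider"   # the real account was used to send
    return "forged-from"             # name borrowed; account may be untouched

if __name__ == "__main__":
    for name, raw in (("FORGED", FORGED), ("FROM_ACCOUNT", FROM_ACCOUNT)):
        print(name, "->", classify(raw))
```

A `sent-via-provider` result points at the account itself (password, active sessions, connected apps), while `forged-from` means only the display address was borrowed.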

pma111 (Author) Commented:
>>who defines "spam", "rubbish"?

I mean, if user A's tweet appears to be selling a weight loss pill, they (user A) weren't tweeting about weight loss pills, something has done that on their behalf under the guise of their account, then subsequently I and I think anyone would see that as spam on their wall that they didn't intentionally put there.
0
pma111 (Author) Commented:
>>>>User would have clicked on the URL in the email?

I don't know if there's been any email. Can you get infected without clicking any malicious link? If so, how?

For spam posts to be appearing on your FB wall/tweets, have you always 100% got some malware running on the device you access FB/Twitter from?
0
ahoffmann Commented:
> .. subsequently I and I think anyone would see that as spam ..
no, definitely not!
at least the vendor selling that pill ;-)

> .. that they didnt intentionally put there.
is there anything in such SN which is put there by intention and under full control of a user? I doubt
the business model of all SN is to flood advertising in the hope that the vendor who advertises pays for that
otherwise you may go for a contract with a SN vendor and then make a lawsuit if your account got wasted

personally I don't see any benefit in making an "ill by design" system healthy, however: if I get well paid for it ... ;-)

sorry for a bit sarcastic answers, but actually it's hopeless to tell (most) SN vendors to respect user's privacy, rights or even security and hence very difficult to make the user account work as you (and most intelligent humans) expect, it's a system addicted to shareholder value only, make your own opinion about it
0
ahoffmann Commented:
> I dont know if theres been any email. Can you get infected without clicking any malicious link? If so how?

yes
and much worse: you can get infected by just visiting a web site without clicking anything

> ... got some malware running on the device you access FB/twitter from?
and how about malware on SN? or a combination of both? such things are still in the wild ...
0
btan (Exec Consultant) Commented:
Koobface is one famous worm spread using Facebook, social media is good leverage
http://blog.trendmicro.com/new-variant-of-koobface-worm-spreading-on-facebook/

interesting video - http://www.youtube.com/watch?v=oBMLt1G6qxU
> flood of junk posts is thrown onto the wall, come in fast and goes away

Below is other info on Facebook mechanisms for detection

a) Some Facebook assistance below.
> Facebook's Roadblock tool can help verify your identity and secure your account against the spammer. http://www.facebook.com/hacked/
> If a scammer gained access to your account password via phishing attack, you can fill out Facebook's phishing report http://www.facebook.com/help/identify.php?show_form=account_phished
> Provides a separate form for reporting a malicious link or website http://www.facebook.com/help/contact.php?show_form=report_phishing

b) Implement a two-step login process. If you enable this feature, Facebook will send a verification text to your mobile device before allowing access from the new location.
https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920
0
ahoffmann Commented:
> .. gained access to your account password via phishing attack,
well phishing is always a layer-8-problem (layer 8: the person sitting in front of the screen)

things are different if the website itself is insecure in that way that it allows website spoofing where the user is not able to detect the wrong site

phishing is a threat you cannot do anything against, except take care means educate the user
0