Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SN spoof

Posted on 2012-03-13
9
Medium Priority
?
580 Views
Last Modified: 2012-03-14
If on facebook/twitter etc you see an update or post from a freind/contact that looks like spam, i.e. looks like they are selling something for say a drugs company with a link to a website. And then you ask why they are posting that and they say they have no idea it was not them, how could/has their account been “hacked” so to speak. I.e. what has the user done to get infected, or is there a list of how it may of happened? And how if somehow some malware is abusing their account for spam postings can you restablish control of the account and ensure it doesn’t happen in future. Could it be a targeted attack i.e. target the users account perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 51

Accepted Solution

by:
ahoffmann earned 1000 total points
ID: 37714244
> .. can you restablish control of the account and ensure it doesn’t happen in future.
if you mean their (the other) account, hopefully not
*you* cannot ensure that things go wrong, for that the site owner (fb, tw, etc.) is respnsible
to get rid of such threads you best do not sign in and block any webugs they use elswhere :)

> Could it be a targeted attack  ..
could be: yes, there are some such attacks know in the past

> .. can post spam or other such rubbish?
who defines "spam", "rubbish"?
if you have your definition set up, then it's up to you to bann SN, if you don't agree with their definition, don't use it, which is up to you again
0
 
LVL 3

Author Comment

by:pma111
ID: 37714310
No, I mean if user A's account has appeared with 20 spam posts or tweets that wasnt them, what does user A need to do to stop this happening to them again? If anything? Change password etc?
0
 
LVL 65

Assisted Solution

by:btan
btan earned 1000 total points
ID: 37714320
what has the user done to get infected, or is there a list of how it may of happened?
>>User would have clicked on the URL in the email? Directed to an site to fill in more details that include email credentials or related PII? If user is having admin rights for the machine, the process may have already download some appl and run in background...or it can even be some evercookie type downloaded into the system to track your surfing behaviour...

And how if somehow some malware is abusing their account for spam postings can you restablish control of the account and ensure it doesn’t happen in future.
>>If it is google, I recall they have last login and would spell some hints esp if user has never login in that period. Worse is now web email has "stay login for a period", it may be calling some API supported by the yahoo or google email to upload info or manipulate further.Recall something like that in GhostNet saga....But the send box may have some traces of that...it would also be the source is spoofed though sending using your email signature (need to check email header)

Could it be a targeted attack i.e. target the users account perhaps password crack, or how else does malware infiltrate a SN account so they can post spam or other such rubbish?
>> yes maybe but for it to be targeted, are their values from the spam point of view. None but i see targeted attack more of stealthy rather than being "loud". Their intent maybe to get more spambot or build up their distributed botnet. Likely the weak password or guess the secondary help question has allow entry....
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 3

Author Comment

by:pma111
ID: 37714325
>>who defines "spam", "rubbish"?


I mean, if user A's tweet appears to be selling a weight loss pill, they (user A) werent tweeting about weight loss pills, something has done that on their behalf under the guise of their account, then subsequently I and I think anyone would see that as spam on their wall that they didnt intentionally put there.
0
 
LVL 3

Author Comment

by:pma111
ID: 37714354
>>>>User would have clicked on the URL in the email?

I dont know if theres been any email. Can you get infected without clicking any malicious link? If so how?


For spam posts to be appearing on your FB wall/tweets have you always 100% got some malware running on the device you access FB/twitter from?
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37714432
> .. subsequently I and I think anyone would see that as spam ..
no, definitelly not!
at least the vendor selling that pill ;-)

> .. that they didnt intentionally put there.
is there anything in such SN which is put their by intention and under full control of a user? I doubt
the business model of all SN is to flood advertising in the hop that the vendor who advertises pays for that
otherwise you may go for a contract with a SN vendor and then make a law suite if your account got wasted

personally I don't see any benefit in making an "ill by design" system healthy, however: if I get well payed for it ... ;-)

sorry for a bit sarcastic answers, but actually it's hopeless to tell (most) SN vendors to respect user's privacy, rights or even security and hence very difficult to make the user account work as you (and most intelligent humans) expect, it's a system adicted to shareholder value only, make your own opinion about it
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37714451
> I dont know if theres been any email. Can you get infected without clicking any malicious link? If so how?

yes
in much more worse: you can get infected by just visiting a web site without anything clicking

> ... got some malware running on the device you access FB/twitter from?
and how about malware on SN? or a combination of both? such things are still in the wild ...
0
 
LVL 65

Expert Comment

by:btan
ID: 37714528
koobface is one famous worm spread using facebook, social media is good leverage
http://blog.trendmicro.com/new-variant-of-koobface-worm-spreading-on-facebook/

interesting video - http://www.youtube.com/watch?v=oBMLt1G6qxU
> flood of junk posts is thrown onto the wall, come in fast and goes away

Below are other info on facebook mechanism for detection

a) Some Facebook assistance below.
>Facebook's Roadblock tool can help verify your identity and secure your account against the spammer. http://www.facebook.com/hacked/
>If a scammer gained access to your account password via phishing attack, you can fill out Facebook's phishing report http://www.facebook.com/help/identify.php?show_form=account_phished
> Provides a separate form for reporting a malicious link or websitehttp://www.facebook.com/help/contact.php?show_form=report_phishing

b) Implement a two-step login process. If you enable this feature, Facebook will send a verification text to your mobile device before allowing access from the new location.
https://www.facebook.com/notes/facebook-engineering/introducing-login-approvals/10150172618258920
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 37714686
> .. gained access to your account password via phishing attack,
well phishing is always a layer-8-problem (layer 8: the person sitting infront of the screen)

things are different if the website itself is insecure in that way that it allows website spoofing where the user is not able to detect the wrong site

phishing is a threat you cannt do anything against, except take care means educate the user
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question