Solved

Malware and spam posts

Posted on 2012-03-13
8
574 Views
Last Modified: 2013-11-22
1)      When spam posts appear on user’s tweets/facebook posts, which wasn’t them intentionally posting spam, i.e. something/someone’s posted on their behalf  – how has it happened/appeared? Is it malware or something else? How would that malware infect the users account?
2) Is it typically malware has infected on their client first (be that PC or SmartPhone), then got on to their account, or is it just targeting their FB/twitter account, and doesn’t need to infect their Smartphone/PC first?
3) If a SmartPhone malware infected a FB account, can that same malware be evident on a desktop PC? Or aren’t malware the same for both smartphones and PC’s? I.e. if a Smartphone got malware, and that smartphone was attached to a PC – can the PC be infected.
4) If an FB account or Twitter account has been compromised and such spam posts are happening on their
5) What else aside from up to date AV definitions can you do to keep malware off your machine? Are the types of FB malware i.e. if you clicked the spam link going to infect your PC or just Smartphone?
0
Comment
Question by:pma111
  • 5
  • 3
8 Comments
 
LVL 9

Accepted Solution

by:
Timothy McCartney earned 500 total points
ID: 37714411
It's likely they were on a network while using facebook insecurely (http instead of https). I highly recommend that they change their password promptly, and go into the security settings of facebook and check the option to ALWAYS use HTTPS.

It's more likely that their account was 'hacked' rather than malware.
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 37714422
Also, you'll want to check which Facebook/Twitter 'apps' have specific rights to post on his/her wall. You can remove the rights of any applications you are unfamiliar with.
0
 
LVL 3

Author Comment

by:pma111
ID: 37714443
Thanks, when you say it was hacked rather than malware?

How would it be hacked? I.e. how come some users get hackd and others dont. As often you see the same tweet / fb update which is blatant spam for many users?

WHat have these users done wrong that others havent.

Will changing passwords do anything?

Will the apps need to be removed from the phones and then readded as I suspct they cache login credentials?
0
 
LVL 3

Author Comment

by:pma111
ID: 37714450
>>It's likely they were on a network while using facebook insecurely (http instead of https). I highly recommend that they change their password promptly, and go into the security settings of facebook and check the option to ALWAYS use HTTPS.


Can you expand on this issue in lymans terms? Are you saying the apps on smartphones typically accses FB.twitter over HTTP?
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 37714457
If you connect and are logged into Facebook/Twitter using http (ie http://facebook.com rather than https://facebook.com) - Hackers have the ability to 'connect' to a user's session without the aid of password/malware, simply because the connection is insecure. Switching to HTTPS and changing your password is a must in this situation.
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 37714471
If you go into the security settings of facebook, there is an option to only use HTTPS. Without this option being selected, there are simple programs that hackers can use (one in particular is called Faceniff) A tech blog site called Lifehacker posted a great article regarding this.

http://lifehacker.com/5807740/faceniff-is-the-firesheep-for-android-hijacks-facebook-sessions-with-one-tap

Please note that I do not condone the use of such an app. I merely wish to show the ease at which such an app can take over an unsuspecting victims Facebook (and other) accounts. Please take the measures outlined in the article to prevent this from happening.
0
 
LVL 3

Author Comment

by:pma111
ID: 37714520
Do the FB and Twitter apps on smartphone use HTTP also? I.e. if the user doesnt purposelly go to www.twitter.com they just use it from their smartphone app, and thus dont even login how can you tell if thats HTTP or HTTPS?
0
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 37714534
If you have HTTPS setup in your account, then the connection will be using https for the associated smartphone apps as well.

The same cannot be said for third party apps, however if you do have HTTPS setup, and the app in question does not support it, it will not work. So if you DO have it set up, and your apps are still working just fine, then you are in good shape.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Operating system developers such as Microsoft (https://www.microsoft.com) and Apple have made incredible strides in virus protection over the past decade. Operating systems come packaged with built in defensive tools such as virus protection and a f…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now