Danger, Will Robinson! For You Twitter Folks


OldDog
10-30-2009, 11:56 AM
I attended a seminar the other day about "drive-by downloads" in social networks given by the editor of threatpost.com. See this link:

http://threatpost.com/en_us/blogs/malware-abundant-twitter-urls-102909

Basically, the premise is that the shortened URLs you see produced by Twitter (a Tweet is limited to 144 characters) can go virtually anywhere. You have no way of knowing whether the URL is connecting to a legitimate site, or not. Malware producers are creating dummy pages that may look like real sites, but when you click and navigate to the site, a malware "package" is downloaded in the background. This "package" can contain a keylogger, SQL query vulnerability scripts, data miners, etc. Twitter is now considered to be the most dangerous of all the social network sites, but the others aren't far behind.

Beware what you click!

Pendragon
10-30-2009, 12:44 PM
As far as I know this is mainly a Microsoft problem. Apple and Linux are not normally affected.
On a number of occasions when browsing the less safe parts of the net I have had my web browsers trying to tell me that my PC is infected with viruses and I should install a new free program. The small but important fact that I'm running Linux appears to have slipped the notice of the malware pushers.

I have to be a little less smug than normal because I have just installed W7 on this netbook. Normally I would only be using Microsoft for gaming, so no web browsing or Twitter for that matter... The netbook is well covered by AV and will get wiped sooner rather than later so I'm not too concerned.

As normal, people should be aware of what they are doing...


PS no, I have not gotten the spellchecker sorted...

OldDog
10-30-2009, 01:45 PM
Dennis Fisher (the guy who did the seminar) mentioned that this stuff is browser-based, and it's malware, not viruses. So, it's not detected by 'normal' A/V products that don't have anti-malware software. There's no real "signature" for heuristic-oriented software to trace and hone in on. He also mentioned that MACs and Linux are not immune, and that the browser with the best chances is Firefox with the Noscript plugin installed. IE, Opera, Safari, and Chrome are all big targets of this stuff. This is stealth script software. Even if you're running a MAC or Linux, what these "packages" are doing is collecting data, and springboarding. This particular malware usually doesn't harm the host upon which it's installed ... it just uses it to, for example, generate thousands of false Twitter accounts (or, as many as it can before it's caught). It's relatively benign to the host. His message was: complacence regarding operating system immunity is misplaced. In addition, the big online games are now being targeted by these guys: WoW in particular. Real money exchanges hands in WoW, and, an added bonus is that a lot of gamers use their screen names and passwords elsewhere.

zeroy
10-30-2009, 02:25 PM
Beware what you click!

LOL - that's the whole problem!!! You don't know where you are going when you click.

Solution: DON'T CLICK - Actually, dump Twatter altogether, it's the worst piece of "social networking" invention I have ever seen.

Joker{eXtreme}
10-30-2009, 02:45 PM
Best practice is to trust who you are following

I'll click a link RudeDog puts up without even thinking about it and I'll usually always pass on a link posted by someone I don't know all that well.

Also, I look at the URL -- tiny, bit.ly, etc, etc -- I won't touch those. I will use fpsurl.com and codurl.com and pstiny.in ('cause I run those and review the back-end logs daily)

rudedog
10-30-2009, 03:17 PM
I was in the process of changing Twitter desktop clients to one that supports expanded URLs when you hover over them so you know what you're clicking on.

However I've been sidetracked with trying to clean up the gaming rig and putting Win7 on it, as well as I only browse Twitter via my Mac :hand:

Pendragon
10-30-2009, 08:47 PM
I recommend a clean break, the PC you use for gaming should be separate from what you use for everything else.

For Rude it's easy, he has an Apple. Me, I use a netbook and a separate partition with Ubuntu installed on my gaming rig.

So gaming is best done on a PC running Windows, probably Windows 7. I still like Win XP x64 but I'm odd. For everything else you do with a computer you need to be using anything but Windows. If you have very deep pockets you use Apple. If you're a bit canny you use Linux. Probably Ubuntu, cos all of the cool people use it...

PS the more I use W7 on this netbook the more I like it, this is very disappointing for a Linux fanboy.

Number7
10-30-2009, 09:31 PM
Solution: DON'T CLICK - Actually, dump Twatter altogether, it's the worst piece of "social networking" invention I have ever seen.

...amen

Kioti
10-31-2009, 09:06 AM
I recommend a clean break, the PC you use for gaming should be separate from what you use for everything else.

For Rude it's easy, he has an Apple. Me, I use a netbook and a separate partition with Ubuntu installed on my gaming rig.

So gaming is best done on a PC running Windows, probably Windows 7. I still like Win XP x64 but I'm odd. For everything else you do with a computer you need to be using anything but Windows. If you have very deep pockets you use Apple. If you're a bit canny you use Linux. Probably Ubuntu, cos all of the cool people use it...

PS the more I use W7 on this netbook the more I like it, this is very disappointing for a Linux fanboy.

I use SuSe, and you're right, no one thinks I'm Cool!! :D

Win 7 is really nice, could be an eventual Mac Killer.

You mess with Twitty Bird, eventually you get pupe on your head

rudedog
10-31-2009, 09:15 AM
twitter is a great way to get news out ASAP and I do occasionally bitch at people in the airport(s) via twitter but I try and keep it "work related" -> PC gaming news

OldDog
10-31-2009, 09:22 AM
I stopped using Twitter when my ex-wife popped up as a "friend of a friend". You can clearly block that sort of thing, but it gave me pause (uh, my ex-wife would give Rambo pause) to think about exactly what information about myself I'm flinging out into the ether.

GrossKopf
11-01-2009, 08:57 AM
I don't keep antivirus installed on my computer. Occasionally I'll install it and run a scan, but I only download from trusted sites. I do run CounterSpy, which is very good at detecting and blocking the types of problems listed here. I also use FireFox so I have no problem with my PC. I use one PC for gaming and webbrowser (and everything else).

Pendragon
11-01-2009, 09:51 AM
I don't keep antivirus installed on my computer. Occasionally I'll install it and run a scan, but I only download from trusted sites. I do run CounterSpy, which is very good at detecting and blocking the types of problems listed here. I also use FireFox so I have no problem with my PC. I use one PC for gaming and webbrowser (and everything else).


Please install Anti-Virus software, all of that spam in my inbox comes from PCs running Windows that do not have AV installed!

GrossKopf
11-01-2009, 10:07 AM
Please install Anti-Virus software, all of that spam in my inbox comes from PCs running Windows that do not have AV installed!

I get zero spam in my inbox. Must be the sites you are visiting. ;)

Pendragon
11-01-2009, 10:31 AM
I'm not making myself clear, sorry. There are billions of spam emails arriving in inboxes around the world. This spam is delivered by PCs running Windows that don't have adequate anti-virus protection. These PCs are often un-patched as well, which just makes it worse.

I'm not saying that your PC has become infected and is acting as a spam bot but you are running a much-much greater risk.

As general rules of thumb for computers connected to the net:


Never run an unsupported OS (Win95/8/Me)
Always keep your OS and software current with patches and updates
Run behind a NAT router
If you are running Windows you should have full time AV
If you're running MacOS or Linux run AV scans on anything you might upload/download to/from WinUsers
Always read the URL of any site where you have to login or show any personal details.


I'm sure there are more "rules" we can think of but not running active AV is dumb, sorry.

GrossKopf
11-01-2009, 11:15 AM
I haven't had a virus in years. I install Norton AV every once in a while and run a full scan, just for S&G. I don't keep it on all the time because it affects PC games too much, usually in the form of lag. I don't go to questionable websites. I don't download every app I find on the internet. I don't torrent. I don't download MP3. I don't download movies. None of the classic indicators of virus contamination are present. If you get viruses, key loggers, etc, then you are just a sloppy PC user.

My computer runs smooth with absolutely no slow downs or odd behavior. Counterspy runs all the time. About all I ever end up with is minor data mining cookies that are looking for surfing patterns so some websites can target ads to me.

I've been using computers since 1984 when a 4 color monitor was the cutting edge of technology. To use my first dial up modem at 1200 baud, I had to write a terminal program in BASIC. I am well aware of the dangers on the internet and I know how to avoid them.