Hackers infiltrate search engines, social networks
Online communities become vulnerable when hackers move in.
SAN FRANCISCO -- Consumers who use search engines, online social networks, browsers and the like face a gantlet of viruses and malicious software code, according to a cybersecurity report from Symantec, issued Tuesday as security experts gather here for the sprawling RSA Conference on tech security.
The repercussions go beyond the loss of personal data, security experts say. As more consumers are victimized, it could undercut their confidence in legitimate websites, says Billy Hoffman, manager of Hewlett-Packard Security Labs.
Previously, hackers were more likely to use e-mail with attachments to steer victims to virus-tainted websites. Now, they are implanting their links on legitimate websites.
In all, Symantec detected 711,912 threats last year, compared with 125,243 in 2006.
The malicious attacks — including recent exploits of users of Google, Facebook, search engine Mozilla and others — are designed to steal user credentials or launch bigger attacks through the victim's social network of contacts, says Alfred Huger, vice president of engineering at Symantec.
"Rather than set a bear trap — a porn or get-rich-quick site loaded with malicious code — to entice users, hackers are actively hunting by injecting their bad stuff on trustworthy sites," Hoffman says.
Among the most frequent targets:
•Search engines. Cybercriminals are using a chink in Google's website to redirect unsuspecting PC users to sites containing malicious software. When someone does a Google search, they are redirected to what appears to be a legitimate website. The site, in fact, is tainted with malware.
Google says it is fixing the problem.
•Browsers. Mozilla, considered a safer alternative to Microsoft's Internet Explorer, is not immune. In the last six months of 2007, there were 88 vulnerabilities reported in Mozilla browsers, compared with 34 in the first half, says Symantec's report.
•Social networks. Hackers are intensifying their efforts to compromise social-networking sites using unsecure Web 2.0 technologies to load malware onto the PCs of consumers. Indeed, the number of compromised sites is "slowly outnumbering malicious ones created specifically by cybercriminals," the report says.