Hackers infiltrate search engines, social networks

Online communities become vulnerable when hackers move in.

ByJon Swartz, USA TODAY
February 9, 2009, 9:27 AM

SAN FRANCISCO -- Consumers who use search engines, online social networks, browsers and the like face a gantlet of viruses and malicious software code, according to a cybersecurity report from Symantec, issued Tuesday as security experts gather here for the sprawling RSA Conference on tech security.

The repercussions go beyond the loss of personal data, security experts say. As more consumers are victimized, it could undercut their confidence in legitimate websites, says Billy Hoffman, manager of Hewlett-Packard Security Labs.

Previously, hackers were more likely to use e-mail with attachments to steer victims to virus-tainted websites. Now, they are implanting their links on legitimate websites.

In all, Symantec detected 711,912 threats last year, compared with 125,243 in 2006.

The malicious attacks — including recent exploits of users of Google, Facebook, search engine Mozilla and others — are designed to steal user credentials or launch bigger attacks through the victim's social network of contacts, says Alfred Huger, vice president of engineering at Symantec.

"Rather than set a bear trap — a porn or get-rich-quick site loaded with malicious code — to entice users, hackers are actively hunting by injecting their bad stuff on trustworthy sites," Hoffman says.

Among the most frequent targets:

•Search engines. Cybercriminals are using a chink in Google's website to redirect unsuspecting PC users to sites containing malicious software. When someone does a Google search, they are redirected to what appears to be a legitimate website. The site, in fact, is tainted with malware.

Google says it is fixing the problem.

•Browsers. Mozilla, considered a safer alternative to Microsoft's Internet Explorer, is not immune. In the last six months of 2007, there were 88 vulnerabilities reported in Mozilla browsers, compared with 34 in the first half, says Symantec's report.

•Social networks. Hackers are intensifying their efforts to compromise social-networking sites using unsecure Web 2.0 technologies to load malware onto the PCs of consumers. Indeed, the number of compromised sites is "slowly outnumbering malicious ones created specifically by cybercriminals," the report says.

In one breach, a widget application on Facebook that promised to tell members who had a secret crush on them instead tried to trick them into downloading spyware. The scam was discovered by security firm Fortinet.

Meanwhile, the latest of three computer worms wriggled into Google's social-networking service, Orkut, in February.

Like a worm in December, this one spreads through comments that are typically posted on a user's profile, says Robert McArdle, an anti-virus specialist at Trend Micro.

•Calendar. Scammers are sending personalized e-mail as meeting invitations in Google Calendar. Since each e-mail has a different link for each recipient, it is harder for spam filters to detect anything wrong, says Jamz Yaneza, research project manager at Trend Micro.

The e-mail informs victims that they have inherited or are due a large amount of money from an unlikely source. The spammer asks the victim to pay a nominal fee to cover the transfer of the alleged inherited funds.

Google support has been notified by security firms, and it is blocking accounts used in the scam.