Business Standard

Beware of Google+ security threats

The social media site is fast becoming a hunting ground for cybercriminals

Priyanka Joshi  |  Mumbai 

With over three million Indian users on Google+, the site is fast becoming the new rage with the social networking crowd. However, beware: security solutions provider Kaspersky Lab has warned Internet users of targeted attacks on the social networking site.

Experian data also suggest that social media in India reaches out to 60 per cent of the online Indian audience, and with Google+ still in its beta phase, it is fast becoming a hunting ground for cybercriminals.

Fabio Assolini, malware researcher, Global Research and Analysis Team at Kaspersky Lab, says: “Kaspersky Labs have identified Brazilian cybercriminals who have already started sending fake invites (to open Google+ accounts) with malicious links pointing to malware, specifically Trojan bankers.”

The fake invites contain infected links that redirect the user to a very common Brazilian Trojan banker file hosted at Dropbox (file sharing site). The most interesting thing to note in this message, however, is another link pointing to a form hosted at Google Docs, a free online Office suite.

The message shows the link as “send the invitation to your friends” but it is actually a fake form created to collect names and e-mail addresses of new victims. Kaspersky Lab has reported this malicious file and the fake web form to Google.

Within weeks of the launch, Google+ has reached about 20 million users, according to ComScore data. While Google+, say company executives, is still being tested with a closed group of users, some of its built-in features like Circles (where a user segregates friends and followers) have serious privacy flaws.

“One of the main features of Google+ is Circles, the possibility to easily share the right content with the right people. However, once the content has been shared to a Circle, anyone can share it by default to other Circles. It boils down to the fact that the tagging feature can be bypassed by using the reshare option,” says George Lucian Petre of security software provider BitDefender.

“Let’s say user “A” shares a picture only with their “Close Friends” circle, and disables resharing. All it takes is for someone from that “Close friend” circle to tag a person from outside this circle in the picture. Once this has been done, that person can share the picture with anyone, in any way.”

Once someone has access to a picture, they can save it and redistribute it. The underlying concern here is that Google+ is promoting Circles as a way to be selective about how you share content, yet sharing with other Circles is too easy.

The introduction of new social networking sites creates a haven for cybercriminals. Symantec observed that while the attacks on Facebook declined in the last two months, there was a rise in attacks on Twitter that gradually waned, followed by a surge of attacks on YouTube. “The average life span of each social network spam attack is between 15 and 20 days,” say experts at Symantec.

Facebook has been a favourite for spammers. The newest security scare on Facebook centers on a fake application called “Google+ Direct Access”. It prompts users to visit a page on the site that they need to “like” in order to see. When they do that, they are handing over personal information to unknown developers of the dodgy app. Users are then offered a fake invitation to try out Google+ — a way to spam their friends with invites to try out the app.

According to the BitDefender team, 23 per cent of Facebook users have had a friend who has been infected with some type of social spam. The sentiments are echoed by internet security firm Sophos. “You should also exercise great caution about what third-party apps you allow to access your Facebook records, especially when they are demanding the ability to post to your wall and grab personal information,” says Graham Cluley, senior consultant at Sophos.

Kaspersky’s Assolini advises that those interested in joining Google+ should explore the social media site on a secure computer for the first time, while being cautious at all times of pop-up blocks and links that insist you redirect to a new page. Kaspersky Lab also urges users not to believe in “official-looking” invites received via e-mail.

The worrying news is the rising use of social networks from unsecured mobile devices. Security firm Symantec has observed a 43 per cent increase in mobile vulnerabilities in 2010, according to the latest Internet Security Threat Report.

Shantanu Ghosh, VP (India Product Operations), Symantec, says: “Malicious authors have taken a variety of popular free apps from the OS market and bundled them with malware capable of rooting the phone, harvesting data or opening a backdoor. Symantec has been seeing a lot of this lately — threats in which authors release them on unofficial Android marketplaces. As mobile security becomes a growing concern, consumers should look at securing devices and confidential data on them.”

First Published: Mon, July 25 2011. 00:00 IST