Internet users and visitors to social networking sites should brace themselves for a spike in attacks around Halloween that aim to monetize vulnerabilities. Attackers are known to take advantage of the increase in traffic around holidays, when people exchange online greetings, to try to steal personal content or infect computers with malware.
Picture: In 2007, thousands of people received an e-mail containing a link with a dancing skeleton, which redirected them to a site with infected JavaScript exploiting security vulnerabilities in web browsers to infect other PCs.
An Internet scam generally uses social engineering techniques to get the user to take action, such as downloading and installing a trojan. Scams are prevalent in emails, but increasingly occur in various notifications and instant chat on social networking sites. The lure takes the form of links to a host of apps, games, 'funniest videos,' etc.
By clicking a dubious link received via email or found on various sites, the user is directed either to a site containing hidden malware (various types of trojans, worms, adware and others) or to a rogue site offering applications for viewing videos or some other software, or is enticed to select and view postcards, for instance. The average user usually has to click through a number of dialogue windows, eventually reaching a window that asks for payment details – which is exactly what the online thieves are after.
Randy Abrams, Director of Technical Education at ESET's office in San Diego, warns: "Watch out for Twitter this Halloween. I will be shocked if Twitter is not used extensively to send links to malicious websites. The medium is perfect for this type of abuse and the extensive use of obfuscated URLs makes it so easy to hide the malicious links." Like Twitter, Facebook also offers notifications about friends' various activities, which users should be watchful of, as should the patrons of instant messaging platforms such as MSN and ICQ.
ESET recommends refraining from clicking unfamiliar links and opening suspicious email attachments, i.e. those that do not contain sender information, are written in all caps, are adorned with exclamation marks or refer to content in which the user is not interested. To reduce the risk of exposure to exploits, it is recommended that users periodically change the passwords to their online accounts, email and social networks, and regularly update their operating system and antivirus software.
About ESET
Founded in 1992, ESET is a global provider of security solutions for corporate customers and households. From a small family-sized venture, ESET has evolved into a leader in proactive malware detection and is on the front lines of combating emerging cyberthreats. ESET has headquarters in Bratislava, Slovakia, with branch offices in Prague, Czech Republic; San Diego, USA; and Buenos Aires, Argentina. ESET's security solutions are available in more than 160 countries worldwide. In 2008, ESET opened its new development center in Krakow, Poland, and was ranked by Deloitte Technology Fast 500 as one of the fastest growing technology companies in the EMEA region.