Socially Engineered Malware: Your New Facebook Friend

Embarrassing confession: I was tricked into downloading a computer virus.

Socially Engineered Malware: Your New Facebook Friend

Last week, a high school friend of mine sent me a “Group Invite” message on Facebook®. The message urged all recipients to “help out my friend by ‘liking’ her page”, and included a link to said page. Being the helpful friend that I am, I decided to “CLICK HERE!”

Then, something strange happened: when I tried sharing the link by “Attaching” the URL into a message to a friend, Facebook did not correctly generate a description of the link. Instead, it only displayed random JavaScript code…

I knew immediately that I was infected with a virus. Shamefully, I asked myself: how could a supposed computer professional like me download a virus?

The answer: I was tricked!

Socially Engineered Malware

While some types of malicious software (malware) work by exploiting technical loopholes in a computer system, socially engineered malware exploits weaknesses in human nature. Even Mac users, with their perceived immunity to computer viruses, are not safe: without any technology dependencies, socially engineered malware can target users running either Windows or OS X.

From a cyber criminal’s perspective, tricking users into downloading and installing malware is a preferred means of attack. By manipulating trust (rather than hacking software), criminals may cast a wider net and target more victims. And the implied trust relationships inherent in social networking sites, such as Facebook, make them full of perfect targets for socially engineered attacks.

I, for one, certainly did not expect that the link sent to me by a friend would contain a virus: those clever hackers exploited my trust in my social network, and mislead me into clicking on the infected link (so you see, it wasn’t my fault).

Protecting Yourself against Socially Engineered Malware

I could have had all of the “smart” filters, firewalls, and anti-virus programs in the world installed and still downloaded that virus. Although these tools together do a good job of preventing most malware downloads, ultimately it is was me that made the decision about what to click.

Socially Engineered Malware: Anti-Virus Programs

It is therefore very important to “look before you click.” If you suspect a bad link, do a bit of research and mouse-over the link (without clicking!) and look at the preview URL that your browser will display. Pay special attention to the domain name (i.e. www.silverleafcs.com), and make sure that it is one that you recognize: if you notice random-looking characters and numbers in the domain name, this is a telltale sign that the URL could be an automatically-generated malicious site.

So the next time somebody (even a friend) sends you a link entitled OMG i cant believe she posted this LOL click here NOW, exercise a bit of caution. Clicking responsibly can mean the difference between discovering a new hilarious video, or even more hilariously (for the hackers), downloading socially engineered malware.

And if you do happen to accidentally download something bad, don’t be embarrassed, just click here. (link tested to be 99.9% malware-free)