AntivirusOffers logo 


Back to Learning Center

What are the virus, worm, Trojan threats on social media websites?

Posted on May 14, 2011
Social media websites have exploded in popularity in recent years. With so many people using them they have become a target for cyber crime and malware (malicious software). There have been a variety of virus, worm and Trojan threats on social media websites recently and it is important to be cautious in order to avoid downloading an infected file.
For people using social media websites such as Facebook and MySpace the threats are very real but thankfully they are also very easy to avoid. To give an example, a few months back there was a worm called Koobface which was doing the rounds on MySpace and Facebook. It tricked the user into downloading an infected file which would then allow remote access and control of your computer. The way it spread was quite clever because it would appear in your inbox as an invitation from a friend or contact to view a video file. The message included a link and if you clicked on that link it would take you to a false YouTube site to watch a video file. In order to watch the video it prompted you to download and install an Adobe Flash Plug-in (also false). Anybody who clicked to install the plug-in would end up downloading malware and compromising their computer, allowing remote access and control.
Similar scams have been used via email where a fake email claiming to be from a social media website encourages you to click on a link which then downloads malware onto your machine. It may be a false comment from someone or, as with the case above, a link to a fake video file. Whatever the disguise, the trick is to encourage you to click on a link which takes you to an illegal website and prompts the download of malware.
In order to avoid threats of this nature all you really need to do is exercise a little caution when you receive a message or email with a link in it. Even if the message apparently comes from someone you know and trust it is worth considering a few things before you click. If there is no personal message from the person or it doesn’t sound like something they would send then it probably wasn’t really sent by them. Look out for spelling mistakes and domain names which are designed to fool you by looking like the real thing but actually are not authentic.
This scam works in the same way as phishing scams by enticing you to click on a link. In general just avoid clicking links in emails or messages. If you believe the content is legitimate you can always just do a search for it yourself rather than click through a link which may lead you to download malware.
You may wonder how people can impersonate your friends and contacts on social media websites. In general this is done using cross-site scripting. Once again by encouraging you to click on a link to a nefarious website a scammer may be able to execute a script in your browser and steal sensitive information using your session cookie. This could also potentially be done by enticing you to read a message in a social network containing a malicious payload which allows the sender to steal your cookie when you read the message and use the information to impersonate you.
This cross-site scripting or XSS technique was used to infect Twitter. Any user who viewed an infected profile ended up with the same virus, dubbed the Mikeyy Worm. It sent out automated tweets which appeared to be from the hijacked account user and advertised the worm creator’s website. In this case it was created merely as a kind of warning about the lax security by a bored teenager but it did highlight the fragility of the security on Twitter. There have been several high profile cases on Twitter since then where people have been able to access the accounts of other users and sometimes politicians or celebrities with disastrous results.
All of the virus, worm and Trojan threats on social media websites have something in common. They all require you to read a message, email, or more commonly click on a link that is bogus. If you are cautious about the messages you read and avoid clicking links in messages or emails then you will be safe from the vast majority of potential threats.
You can also use a phishing filter in your web browser to safeguard against suspect websites. In addition you should always have antivirus software installed, running and up to date. The antivirus software may not be able to prevent you from downloading malware but it will alert you to the presence of a virus, worm or Trojan and protect your system from the damage they can do, provided you scan often.
If you suspect a message may be dodgy then type the subject line text into a search engine before opening it and see what results you get. Many of these telltale messages have been well documented online and you can find out quickly if the message you received is a threat. When it comes to links just avoid clicking on the ones in emails and messages altogether. If it is legitimate content then search for it yourself so as to avoid the risk of being directed to a false and potentially harmful website.

Webroot SecureAnywhere Internet Security Plus 2013

Webroot SecureAnywhere Internet Security Plus 2013

Proven antivirus, identity and password protection for your computers and mobile devices
Instant discount: save 50% ($30 off). Offer ends soon!

$59.99 $29.99
Webroot SecureAnywhere Antivirus 2013

Webroot SecureAnywhere Antivirus 2013

Fast and light antivirus and antispyware protection ***formerly known as Webroot Spy Sweeper***
Instant discount: save 50% ($20 off). Offer ends soon!

$39.99 $19.99
Webroot SecureAnywhere Complete 2013

Webroot SecureAnywhere Complete 2013

Complete PC, Tablet and Mobile threat protection
Instant discount: save 60% ($50 off). Offer ends soon!

$79.99 $29.99