As social netwoking sites proliferate, extending the metaphor of organic connections between individuals and communities, one aspect that has so far been under appreciated is the spread of malicious viruses via connections between network members. Just as biological viruses tend to spread faster as individuals are brought closer together by a shrinking world, so too computer viruses are finding a vehicle to spread via Web2.0 social networks.
Most Web2.0 sites, and these include Facebook, MySpace, Orkut, and even Google pages, offer users a potpourri of applets that add cool little functionalities to member’s profile pages. Google for instance offers Google “gadgets” like calendars, news feeds, photo display applications, accounting applications, weather, and a whole host of other apps.
Increasingly these are targets for malicious hackers who exploit people’s lack of awareness (as well as lack of protection), and their natural tendency to being open to adding new friends and applications without worry, to spread virus attacks. The problem is not necessarily Google’s programming, but the open source and shareware nature of applications being developed by programmers around the world, and offered on sites like Google and Facebook.
This was one of the issues discussed at the recent Black Hat USA 2008 conference in Las Vegas where two security experts, Robert Hansen, chief executive of SecTheory, and Tom Stacener, of Cenzic, the security software testing maker, demonstrated how a malicious gadget could break into a user’s web browser and read searches in real time and conduct other attacks, including stealing information from other gadgets that store personal information (like accounting applications).
This is particularly a problem with younger users who are seemingly less concerned with privacy and security issues, and see social networks as a vast playground of social interactions and free form play — putting up personal information, installing unchecked applications, and generally mingling their digital juices with abandon. Interestingly, older users who should know better, also fall prey to these lapses in judgment.
A word to the wise for people, especially companies, who are exploring how to deploy Web2.0 and Enterprise2.0 applications in their corporate networks. A word of caution too the next time you decide to poke someone after seeing their cute (and perhaps fallacious) profile picture.
Until protection tools get better, remember to Inspect ‘Yer Gadgets!
Virus update: Social networking sites targeted by worms