Fake Google Plus invites a new threat
With Google Plus the hottest new social networking tool around, malicious code is now being sent disguised as a Google Plus invitation, warns Kaspersky Lab.
Having only launched at the end of June, Google Plus is growing fast, having already reached more than 10 million users in its first week of operation.
However, Kaspersky Lab warns that, as with any social network, over-sharing has become the default option, and as such, is a constant concern. Considering Google Plus is new to this arena, it is interesting to note that it has already attracted the attention of cybercriminals. In fact, Kaspersky Lab says cybercriminals are already targeting individuals through friend invites to this network, via emails.
Fabio Assolini, Malware Researcher, Global Research and Analysis Team at Kaspersky Lab; says: “Google Plus is another addition to the social networking world, and while certainly an exciting avenue to explore in this regard, considering the world of Internet cybercrime, Kaspersky Lab has identified that Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers.
We recently found one targeting Portuguese speakers and as such, feel that it is crucial to warn users of the potential security threats targeting this social networking site, as it is only set to grow.”
The fake invite contains an infected link that when accessed, redirects the user to a very common Brazilian Trojan banker file - a .cmd file hosted at Dropbox. The most interesting thing to note in this message however is another link pointing to a form hosted at Google Docs. The message shows the link as “send the invitation to your friends” but it is actually a fake form created to collect names and e-mail addresses of new victims. Kaspersky Lab has reported this malicious file and the fake Web form to Google for their interest.
Social networks are seen as one of the greatest security threats among businesses, along with various other forms of file sharing. The introduction of new social networking sites creates a haven for cybercriminals to implement virus and threat activity for their own gain; especially as such sites are without a doubt popular among users. In fact, looking at statistics it is evident as to why these sites attract cybercriminals – lots of users.
According to Strategy Worx CC, worldwide, Facebook has 750 million users. The same report also indicates that Twitter has an estimated figure of 277 million worldwide users. Google Plus is fast gaining the attention of users and the nature progress to cybercriminals is evident.
As such, Kaspersky Lab offers the following tips for securing a Google Plus account:
• Profile Management - The profile editing section is the brains of the Google Plus’s privacy, providing a versatile interface that allows you to customise how you share each and every nugget of your information. Be sure to use it and make your privacy levels a high priority.
• One circle to rule them all - If you're going to use Google Plus, you need to learn to master the fine art of Circle Management. Circles are the main privacy control centre of Google Plus. They allow you to create groups of friends and associates using a powerful (and cool) user interface that makes it easy to group friends, family and co-workers, and then limit who can see what.
• Instant upload - If you access Google Plus using your Android phone, photos and videos you take are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don't worry - photos aren't shared by default, but are stored on a private Picasa Web folder for future sharing. Instant Upload is a fine idea - for a minority of users - but it’s enabled by default and may take a lot of new Google Plus users unaware. To disable Instant Upload, click into the app, Menu/ Settings/ and at the top of the screen uncheck “Instant Upload” for increased protection.
Concludes Assolini; “If you are interested in joining Google Plus, our advice would be to ensure you explore this medium on a secure computer, whist being cautious at all times of pop up blocks and links that insist you re-direct. Furthermore, Kaspersky Lab urge users to not believe in supposed invites received via e-mails. Ensuring a safe social networking experience requires you to be aware that such threats exist, thereby being able to take action the necessary action required and socialising in a secure environment.”