Google Talks Spam Control for Buzz

February 17, 2010

Update: WebProNews contacted Google to find out how they handle Google Buzz spam. The company tells us:

"We have several spam and abuse checks in place for Google Buzz content. On the abuse side, we recompress images that are uploaded, and links are scanned by the same technology that helps protect Google web search and browsers that implement our Safe Browsing data. Users can also click "Report abuse" in the drop-down menu for each Buzz message. We will suspend accounts for abuse that violates our terms of service."

"Email messages and buzz posts are inherently different in that anyone with your email address can spam you, but you choose who to follow in Buzz. If someone is following you whom you consider spammy, you can always block them. We think the bigger potential for spam is in comments, and we have spam and abuse detection in place to combat this."

Original Article: Last week, Google launched the much-talked-about Google Buzz, its new social media product that ties into users' Gmail accounts (among other things). Privacy issues have been widely discussed (and addressed accordingly by Google), but security firm Websense tells us that spammers are already exploiting the service as well.

"With all the buzz last week about Google Buzz, we were just waiting for malicious activity to show up on the newly launched service," a Websense representative told WebProNews. "We didn't quite expect it to happen this fast. Last Friday we saw the first spam using Google Buzz to spread a message about smoking."

"The spammer was already following 237 people, and we can only imagine that he or she has sent similar messages to all of them," she added. "This particular message leads to a site hosted on a free Web hosting service talking about how to quit smoking."

It goes to show that spammers waste no time in exploiting new opportunities, and something as big as a Google social network is sure to have a great many potential victims.

"When Twitter was launched, it took a while before it was used to send spam and other malicious messages," the representative said. "In this case, it only took two days. It's clear that the bad guys have learned from their experience using social networks to distribute these types of messages. We hope that Google is geared up for dealing with the volume of spam it's bound to see on the new service. Until then, we advise users to be careful, as usual, when clicking on unknown links."

Carl Leonard, Security Research Manager EMEA at Websense, says, "It's worrying that spammers have an improved knowledge of social networks these days that allows them to hit new services like Google Buzz so rapidly. Users want to communicate through multiple channels and use social media tools as part of their everyday lives including at work, but it's important they are savvy to potential threats."

We've contacted Google about its efforts for combating Google Buzz spam. We don't know how widespread a problem this is. I haven't noticed any spam in my own Buzz account yet, and it's hard to say how common it is. I would say, however, that the best precaution you can probably take is to only follow people you trust. We'll update this post when we hear back from Google on the subject.

Google uses Buzz in its own real-time search results, which will show up in SERPs for many newsy or "buzzy" (if you will) queries, but Google is generally pretty good at keeping spam in its search results to a minimum. When Google's real-time search first launched, the spam quickly followed, but I can't say I've seen much in the way of spam showing up here anytime recently. As I write this, I'm watching the "Mardi Gras" results roll in, and I'm not seeing anything that doesn't appear legitimate (spammers are often quick to exploit events).

Have you witnessed any Google Buzz spam? Comment here.

As Companies Relax on Social Media, Threats Increase

February 2, 2010

Even as social media has grown to be a much more widely accepted form of communication among businesses over the years, there is still plenty of data out there depicting the flaws and setbacks that can occur when social networks are used in the business environment. Just as with email or web surfing in general, there are security concerns, and a new report (pdf) from security firm Sophos claims that malware and spam have increased by as much as 70% on social networks from a year ago.

How big of a security concern do you find social media to be? Discuss here.

The firm surveyed over 500 organizations and found that 36% of users claim to have been sent malware via social networking sites, which is an increase of 69% from last year.

"Computer users are spending more time on social networks, sharing sensitive and valuable personal information, and hackers have sniffed out where the money is to be made," said Graham Cluley, senior technology consultant for Sophos. "The dramatic rise in attacks in the last year tells us that social networks and their millions of users have to do more to protect themselves from organized cybercrime, or risk falling prey to identity theft schemes, scams, and malware attacks."

Of course, front and center of everybody's attention is Facebook, the world's most popular social network. Sophos found that out of those surveyed, 60% believe Facebook poses the biggest security threat out of social networks, compared to just 18% naming MySpace, 17% naming Twitter, and 4% naming LinkedIn.

"We shouldn’t forget that Facebook is by far the largest social network – and you’ll find more bad apples in the biggest orchard," says Cluley. "The truth is that the security team at Facebook works hard to counter threats on their site – it's just that policing 350 million users can't be an easy job for anyone. But there is no doubt that simple changes could make Facebook users safer. For instance, when Facebook rolled-out its new recommended privacy settings late last year, it was a backwards step, encouraging many users to share their information with everybody on the Internet."

Although LinkedIn was cited as the network among the top four that sparks the least amount of concern from survey participants, Cluley notes that it has its own significant risk factors, which should not be overlooked.

"Targeted attacks against companies are in the news at the moment, and the more information a criminal can get about your organization’s structure, the easier for them to send a poisoned attachment to precisely the person whose computer they want to break into," he explains. "Sites like LinkedIn provide hackers with what is effectively a corporate directory, listing your staff’s names and positions. This makes it child’s play to reverse-engineer the email addresses of potential victims."

According to Sophos' findings, 49% of firms allow all their staff unfettered access to Facebook, a stat that is up 13% from last year.

"The grim irony is that just as companies are loosening their attitude to staff activity on social networks, the threat of malware, spam, phishing and identity theft on Facebook is increasing," says Cluley. "However, social networks can be an essential part of the business mix today, and the answer is not to bar staff from participating in them, but to apply some 'social security' instead."

As Cluley suggests, social networks have simply become part of the way we do business. At this point, for a lot of companies, shutting down access is not an option. The reality is that no matter which way you communicate online, there are going to be threats. This is true not only in the corporate world, but in general life. As social networking becomes more location-oriented, you have to wonder if cyber crime might lead to an increase in physical world crime. That's a scary thought.

Is social media worth the security risks to your company? Share your thoughts.



Cost Of Data Breaches Continues To Climb

January 26, 2010

Data breach incidents cost U.S. companies $204 per compromised customer record in 2009, compared to $202 in 2008, according to a new study from the Ponemon Institute and security firm PGP.

Even with an overall drop in the number of reported breaches (498 in 2009 vs. 657 in 2008), the average total per-incident costs in 2009 were $6.75 million compared to an average of $6.65 million in 2008.

Highlights from the study include:

- Careless insider breaches have decreased in number and cost, most likely as a result of training and awareness programs having a positive effect on employees' sensitivity and awareness about the protection of personal information. Additionally, 58 percent have expanded their use of encryption, up from 44 percent last year.
- Organizations are spending more on legal defense costs, which can be attributed to increasing fears of successful class actions resulting from customer, consumer or employee data loss.
- Average abnormal churn rates across all incidents in the study were slightly higher than last year (from 3.6 percent in 2008 to 3.7 percent in 2009), which was measured by the loss of customers who were directly affected by the data breach event (i.e., typically those receiving notification). The industries with the highest churn rate were pharmaceuticals, communications and healthcare (all at 6 percent), followed by financial services and services (both at 5 percent).
- Third-party organizations accounted for 42 percent of all breach cases, dropping from 44 percent of all cases in 2008. These remain the most costly form of data breaches due to additional investigation and consulting fees.
- The most expensive data breach event included in this year's study cost a company nearly $31 million to resolve. The least expensive total cost of data breach for a company included in the study was $750,000.


"In the five years we have conducted this study, we have continued to see an increase in the cost to businesses for suffering a data breach," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute.

"With a variety of threat vectors to contend with, companies must proactively implement policies and technologies that mitigate the risk of facing a costly breach."


Spam is Getting More Malicious

November 11, 2009

Symantec has released two new reports for the month of November - the State of Spam, and the State of Phishing (both PDFs). The reports highlight a dramatic increase in spam that contains malware. On top of that, junk and malicious email now accounts for close to 9 out of 10 email messages.

The security firm says that a new generation of "Spam Princes" is rising, and that the Asia Pacific region, Japan, and South America have surpassed North America as the regions where spam originates.

"Rising spam levels originating from South America, Asia Pacific and Japan are not altogether surprising when you consider the massive growth of internet connections in these regions," says Amanda Grady, Principal Analyst, Symantec. "Meanwhile, the increased threats to social networking websites is interesting because it shows spammers are hiding behind the reputation and brand trust built by legitimate companies. Social networking sites that have a large user base will continue to be targets of malicious and phishing emails."

Symantec shares the following findings:

- In October, an average of 1.9% of all spam messages contained malware. This equates to a 0.6% increase from September, when the number of messages containing malware hit a maximum of 4.5% of all spam.
- Symantec observed a 17% increase from the previous month in all phishing attacks.
- 30% of phishing URLs were generated using phishing toolkits; an increase of 24% from the previous month.
- Symantec observed a 45% increase from September in non-English phishing sites.
- More than 97 Web hosting services were used, which accounted for 8% of all phishing attacks; a decrease of 19% in total Web host URLs when compared to the previous month.

Symantec's report of an increase in malware-infected spam is made even more unsettling as news reports surface of computer viruses infecting unknowing victims' machines with child porn.
