Last year saw the overall volume of email delivered spam drop for the first, which has to be good news. Or it would be were it not for the fact that spammers have not gone away, they have merely moved with the times and adapted their business so as to exploit the best marketing opportunities for their unsolicited and unwanted, erm, marketing opportunities. Because spam filtering at both the client and server ends of the market has improved to the point where, for many people at least, emailed spam has become all but invisible the bad guys are turning to social spamming.
Those of us involved in the day to day management of forums such as DaniWeb are all too well aware of the amount of spam that heads this way in the form of bogus forum postings for example, and social networks have not escaped the spam flood either. Indeed, it is the social networks that have become the target of choice for the spammer it would seem. Whereas forum spam tends to consist mainly of straightforward advertising of the 'cheap iPhone here' accompanied by a link (or twenty) variety, social network spam, more often than not, carries some kind of malicious payload.
Marek Polesensky, a malware researcher with security vendor ESET, recently identified a whole host of worms attacking Facebook users. These included the likes of the Yimfoca worm which targeted Facebook and Fbphotofake which took the more traditional spammed wall postings route to infection. None of which should come as any surprise when you discover that a toolkit to create Facebook malware can be purchased through the online crime black market for as little as $25.
To help combat the social network spam and malware threat, Barracuda Networks has produced the ' Profile Protector ' which is initially available for any user of Facebook, and will soon add Twitter to the networks it helps protect from the bad guys. Profile Protector is completely free of charge, which is handy, and is up and running in an instant as there is no local installation to worry about and nothing by way of complex configuration either. You will need to connect it to your Facebook account, which means allowing it access to various things that, at first glance, may appear a tad concerning.
After all, when you are looking for a service that claims to protect you from those who would invade your privacy and use your Facebook account for marketing purposes it is a little off-putting to be asked to hand over access to your list of friends, your friend requests, all the information you've ever shared with everyone and that includes access to your photos and videos and so on. But, as with most security solutions, it is a matter of trust. Or more to the point, a matter of who do you trust? Long established security vendors are much higher up on my trust curve than most, although I do admit to being just a little concerned that Profile Protector wanted me to give it permission to post status messages, notes, photos and videos on my Facebook wall. So concerned that I contacted the Barracuda Networks press office before completing the installation of Profile Protector to ask why, exactly, it needed that?
A Barracuda spokesperson explained that at the moment "Profile Protector does not post to a user's wall" however, at some point in the future "the user will be provided with the option of posting their scan results with their permission". The key point here being those last three words, and as long as I have to opt in for scan results (which, to be honest, is just another way of saying product promotion) to be posted to my wall rather than opt out, I'm happy enough. So I clicked and connected, after which not a great deal happened, no fireworks going off, no bells and whistles, just a very quick scan of any links posted to my wall and elsewhere, followed by an all clear message.
That's the beauty of Profile Protector, it acts like an antivirus scanner for your Facebook account. It analyses the user-generated content posted to your Facebook profile and can then block or remove anything that is determined to be suspicious content such as malicious links or embedded photos for example. Of course, if you are sufficiently security savvy (and most of the time that means being in possession of an average amount of common sense) and do not install every Facebook App going, accept every 'friend' invitation made and click on every link you see, then you probably don't need Profile Protector. Unfortunately, experience suggests that far too many are not sufficiently savvy, and while this solution is not unique by any means, it is free and unobtrusive.
Ultimately, anything that helps keep the bad guys at bay has to be a good thing...
Edited by happygeek: edited links