Security Service Debuts for Social Networking
New security service for social network providers sniffs out spam and phishes from profiles, posts, blogs, messages
Cloudmark today rolled out one of the first commercial security services designed specifically for social networking providers.
Spammers and phishers are increasingly setting their sights on social networks, which traditionally have deployed homegrown security solutions, says Jamie de Guerre, Cloudmark’s CTO. The sheer size and nature of these networks makes them a prime target for spammers and phishers, he says. “Spammers are looking for new audiences and ways to reach them."
The new network-level service from Cloudmark filters spam and other unwanted traffic from social network sites’ comments, profiles, blogs, friend requests, and messages, says de Guerre. “There’s nothing out there for end users to protect themselves” on social networking sites today, he says, and security is mainly up to the social networks themselves.
Spammers and phishers are now creating bot-driven member profiles on social networking sites. “There’s no real user behind the profile. At some point, they put the spam or phishing payload on the profile page and just send friend requests to other contacts on the social networking site,” de Guerre says.
And a user doesn’t even have to accept an invitation request to the rogue profile to be infected, he says. “Some social networks let users edit the HTML code behind the page. So we’ve seen attacks from just going to the [rogue profile] page, and then getting taken to a page that says the session has expired and you have to log in again,” he explains. Then the victim gets sent to a site that looks just like his or her social network, but is really the bad guy’s page that steals credentials. The victim’s account then gets used to stage more attacks.
“That can spam all the users you’re connected to,” de Guerre says.
De Guerre says one of the world's largest social networking sites has deployed the new Cloudmark Authority for Social Networking Providers, although he wouldn’t identify the site.
Cloudmark’s new offering uses its existing fingerprinting algorithms that detect spam and phishing or other malicious types of traffic, including email, images, text, binary, and mobile messages. “It’s based on our distributed collaborative feedback where users can report spam within the site and we use that to [identify] and stop new threats,” he says.
The company is best known for its email and anti-spam security service for service providers, and has customers such as EarthLink, Comcast, Cablevision, and Cox Communications.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author
You May Also Like
How to Evaluate Hybrid-Cloud Network Policies and Enhance Security
September 18, 2024DORA and PCI DSS 4.0: Scale Your Mainframe Security Strategy Among Evolving Regulations
September 26, 2024Harnessing the Power of Automation to Boost Enterprise Cybersecurity
October 3, 202410 Emerging Vulnerabilities Every Enterprise Should Know
October 30, 2024
State of AI in Cybersecurity: Beyond the Hype
October 30, 2024[Virtual Event] The Essential Guide to Cloud Management
October 17, 2024Black Hat Europe - December 9-12 - Learn More
December 10, 2024SecTor - Canada's IT Security Conference Oct 22-24 - Learn More
October 22, 2024