Cloudmark today rolled out one of the first commercial security services designed specifically for social networking providers.
Spammers and phishers are increasingly setting their sights on social networks, which traditionally have deployed homegrown security solutions, says Jamie de Guerre, Cloudmarks CTO. The sheer size and nature of these networks makes them a prime target for spammers and phishers, he says. Spammers are looking for new audiences and ways to reach them."
The new network-level service from Cloudmark filters spam and other unwanted traffic from social network sites comments, profiles, blogs, friend requests, and messages, says de Guerre. Theres nothing out there for end users to protect themselves on social networking sites today, he says, and security is mainly up to the social networks themselves.
Spammers and phishers are now creating bot-driven member profiles on social networking sites. Theres no real user behind the profile. At some point, they put the spam or phishing payload on the profile page and just send friend requests to other contacts on the social networking site, de Guerre says.
And a user doesnt even have to accept an invitation request to the rogue profile to be infected, he says. Some social networks let users edit the HTML code behind the page. So weve seen attacks from just going to the [rogue profile] page, and then getting taken to a page that says the session has expired and you have to log in again, he explains. Then the victim gets sent to a site that looks just like his or her social network, but is really the bad guys page that steals credentials. The victims account then gets used to stage more attacks.
That can spam all the users youre connected to, de Guerre says.
De Guerre says one of the world's largest social networking sites has deployed the new Cloudmark Authority for Social Networking Providers, although he wouldnt identify the site.
Cloudmarks new offering uses its existing fingerprinting algorithms that detect spam and phishing or other malicious types of traffic, including email, images, text, binary, and mobile messages. Its based on our distributed collaborative feedback where users can report spam within the site and we use that to [identify] and stop new threats, he says.
The company is best known for its email and anti-spam security service for service providers, and has customers such as EarthLink, Comcast, Cablevision, and Cox Communications.
Kelly Jackson Higgins, Senior Editor, Dark Reading