Social Networks Are Risky Business

Brand Identity

Twitter is already succumbing to a new form of cyber squatting, which used to mean sitting on domain names for potential sale. (Has your brand/IP protection service provider or legal department investigated reserving critical social network IDs?) Now the term also applies to any popular site with free signup that performs no checks on brand ownership. See www.twitter.com/panera for an example of a homesteader staking out a commercial entity’s brand.

New Virus Vectors

As I predicted over a year ago, social networking sites are beginning to be used as vectors for transmitting viruses. The mechanism should be familiar by now: a message is sent that asks a member to click on a cool link. Or, in the case of Koobface, spreading rapidly this month on Facebook, the member is told to “look at these videos of you I found on the Internet”. The destination is, of course, a malicious URL that infects the user and uses the fact that they are logged in to Facebook to send similar messages to the user’s “friends”, thus becoming self-propagating. In the meantime, the user’s computer is drafted into a bot army for later mischief.

Twitter is particularly vulnerable to this form of virus transport. Because Twitter constrains message length to 140 characters, it provides a utility that automatically contracts long URLs using tinyurl.com. That means that Twitter members frequently click on obfuscated URLs. Expect Koobface attacks on Twitter within weeks.

Avoiding The Risk

Over time the social sites will learn to reduce their own exposure to these types of abuse. In the meantime, enterprises should protect themselves. My advice is simple:

· Enforce strong password management. Remote access should be controlled with tokens or some other two-part authentication scheme. In this way you do not expose your organization to the consequences of your users’ sloppy password habits.

· Deploy content control. There are many solutions for blocking access to malicious sites. Some, such as Websense and IBM, block access based on the URL. Others, such as Finjan and Fortinet, detect and block the malware as it tries to download. Content control can be applied to instant messaging services such as AIM and Skype, as well.

· Reserve your social site brand names as soon as possible. The cost is only the cost of tracking and maintaining a list of sites and IDs. Someday your marketing and legal departments will thank you.
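
To make the content-control advice concrete for the shortened-URL problem described under New Virus Vectors, here is an added example (not from the original article) of a URL filter that expands short links before applying its blocklist, so the decision is made on the real destination rather than on tinyurl.com. The blocklist, the `.example` hosts, the redirect table and the fail-closed policy for unresolvable links are all assumptions made for illustration.

```python
from urllib.parse import urlsplit

# All hosts and redirect mappings below are constructed sample data.
SHORTENERS = {"tinyurl.com"}          # services whose links hide the destination
BLOCKED_HOSTS = {"malware.example"}   # stand-in for a URL-filter blocklist
SAMPLE_REDIRECTS = {                  # stand-in for each short link's Location header
    "http://tinyurl.com/abc123": "http://cdn.malware.example/video.exe",
    "http://tinyurl.com/def456": "http://tinyurl.com/ghi789",
    "http://tinyurl.com/ghi789": "http://news.example/story",
    "http://tinyurl.com/loop01": "http://tinyurl.com/loop01",
}

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def is_blocked(host):
    # Match the listed host and any of its subdomains.
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def expand(url, resolve, max_hops=5):
    """Follow shortener redirects; return (final_url, chain), final_url None if unresolved."""
    chain = [url]
    while host_of(url) in SHORTENERS:
        nxt = resolve(url)  # in production: request without auto-redirect, read Location
        if nxt is None or nxt in chain or len(chain) > max_hops:
            return None, chain  # dead link, loop, or chain too long
        chain.append(nxt)
        url = nxt
    return url, chain

def verdict(url, resolve=SAMPLE_REDIRECTS.get):
    """Return (action, detail) for a URL a user is about to open."""
    final, chain = expand(url, resolve)
    if final is None:
        return "block", "unresolved short link"  # assumption: fail closed
    for hop in chain:
        if is_blocked(host_of(hop)):
            return "block", hop
    return "allow", final

if __name__ == "__main__":
    for u in list(SAMPLE_REDIRECTS) + ["http://news.example/"]:
        print(u, "->", verdict(u))
```

A filter that checks only the host the user clicked sees tinyurl.com and lets the first sample link through; checking every hop of the expanded chain is what catches it.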

While getting ahead of the threats represented by social networking just makes good security sense, I advise against blocking access to social media. The benefits may be hard to quantify today, but they will be there in the future.

Richard Stiennon is a security industry analyst. He writes the security blog for ThreatChaos.com and has re-launched IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc., the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software and before that VP Research for a major analyst firm.