The boom of social networks, and as such of WEB 2.0 have made viruses, Trojans, malwares and all types of cyber attacks reproduce more easily and quickly. The myth of virtual friends causes hackers to set up hoaxes that enter the lives of flesh and blood individuals through social engineering, and not only harm the one who receives the attack but their entire network of friends. Nowadays there are various types of social networks such as Facebook, Hi5, MySpace, Bebo, Skyblog, Xing (formerly called Neuron) and Viadeo.
The information that is hosted on the pages of each user allows to obtain the data of this person without any restriction, leaving an open line that allows the entry of hackers to virtual reality and later to the real one.
In June 2008, two social networks suffered a massive phishing attack through 50 websites that pretended to be Facebook and Hi5. This fraud was presented by the mass sending of emails that invited the recipient to join the network, so that when the user clicked on any of the links he was directed to a false page, identical to the real one, where his username and password were stolen.
In August 2008, 132 malicious programs were in circulation every hour, and during the first eight months of the year approximately 527,000 new programs containing malicious software circulated, four times more than during the whole of 2007.
The first worm that infected social networks was created by a MySpace user, who was able to add thanks to this threat a million users to his contact list, because the worm launched a script to the different users who stumbled upon it in search of vulnerabilities, which were exploited to perform malicious actions such as infecting cookies with malicious code, open SSL connections, etc. The other attack was by another worm that used users' profiles to spread, so that anyone who visited that profile became infected.
In mid-December 2007, a Canadian pornography company hacked into the account of 200,000 Facebook users, gaining access to data such as their username, password or email address.
Within all these attacks on the networks, a Trojan was detected, called Orkut.AT, which used the social network Orkut to spread by showing in the books of notes of the users a YouTube video, when pressing the link, a message came out indicating that the video could not be seen and the Internet user was offered the possibility of downloading it, in doing so it was downloading the Trojan Orkut.AT and immediately redirected the user to the page where the video in question was shown. Once on the computer, the Trojan posted its malicious message on the scrapbooks of all of its new victim's Orkut contacts.
In the last year , phishing attacks have grown in the last year by almost 60%, occurring on a larger scale in the United States or china, where the main sites for phishing are social networks.
