Social media remains fertile ground for hackers to expand their attacks through malware and trendjacking.

Evan Blair, COO, ZeroFOX

November 6, 2014

3 Min Read

The past several weeks have seen numerous articles about the spread of malware via fake Ebola-related emails. Hackers will imitate the CDC, WHO, or major news outlets like CNN to spread dangerous links. Shocking headlines -- "Ebola virus has been cured!" -- entice people to click, resulting in compromised devices and accounts.

The ploy is not limited to email. Social media have also been used to disseminate dangerous information and manipulate users following the Ebola story. Hackers append trending hashtags, most commonly #Ebola, to amplify the scope of their attack -- a tactic known as trendjacking.

[Social networks can be both hero and villain during public panics. Read #Ebola Lessons: How Social Media Gets Infected]

By attaching an unrelated hashtag on to their own content, hackers capitalize on the popularity of the hashtag to target a larger audience. Users looking for information on social media need to be vigilant. The following precautions will help you avoid malicious links on social media.

Check the profile
The posting profile can be a revealing element in the equation of social media safety. Hackers will often use botnets (large networks of automated accounts) to spread malware and repost content. Bots are frequently programmed to trendjack popular hashtags, such as #ebola. The following features are common botnet giveaways:

  1. Strange or randomly generated handles or usernames

  2. Bursts of posts with links followed by bursts of posts with text only. This is done to fly under the radar of a social network's terms of service.

  3. Posts and account descriptions are book quotes or pseudo-coherent, which indicates an algorithmically generated strings of words. If the posts don't quite make sense, there's a good chance they are being computer generated.

  4. Questionable account pictures, like a scantily clad woman, are often used to catch the eye and entice users to interact with the account.

Check the post
The content in the post itself can be a strong indicator of a malicious link.

  1. If the post contains sensational text -- like a too-good-to-be-true statement or an incredible headline -- it's likely clickbait.

  2. If the post is affixed with unrelated hashtags, the hacker is likely using spray and prey distribution tactics. This type of trendjacking broadcasts the post to as large an audience as possible. Avoid these URLs, as they likely contain phishing or malware.

Check the link
Generally, link analysis requires advanced algorithms that analyze for hundreds of threat attributes. However, there are a handful of things you can do manually to identify malicious links.

  1. Always hover over a link before you click. A preview of the link will appear that will show the full address, unless it is a shortened link.

  2. Link shorteners, such as Bitly, are often used to hide a malicious link. For social networks with character limits, like Twitter, shortened links are common, so it is especially important to use discretion. Use a free link lengthener (like longurl.org or unshort.me) to reveal the full URL.

  3. Be wary of extremely long or random-looking links. These links are often used to disguise a malicious destination.

  4. Watch out for URLs that contain almost the same characters as real sites but are one or two characters off.

  5. Scan the link using any free online link analyzer, such as scanurl.net or virustotal.com.

When in doubt, don't click
If you doubt a link is trustworthy, don't risk it. There is plenty of quality literature on the web about events like the Ebola epidemic, and you can find it safely by searching directly. Don't get caught up in the panic on social media -- you'll save your devices and accounts from being infected, as well.

Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it? Get the Malware Mutation issue of Dark Reading today.

About the Author(s)

Evan Blair

Evan Blair

COO, ZeroFOX

Evan Blair is a Co-Founder and the Chief Operating Officer at ZeroFOX. Prior to that, he was a member of the Accuvant Leadership Team where he led the multimillion-dollar Partner Solutions practice. Evan began his career as a financial analyst with Dresdner Kleinwort in Manhattan, N.Y., and holds a BA in economics from Wake Forest University.

See more from Evan Blair
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

NHL's Calgary Flames at New Jersey Devils on February 8, 2024 in Newark, NJ
IT Infrastructure
NHL, Presidio, and a Transformation Power Move with Hybrid CloudNHL, Presidio, and a Transformation Power Move with Hybrid Cloud
byJoao-Pierre S. Ruth
Apr 5, 2024
6 Min Read
Online Privacy Security Threat Abstract Background Art
Cyber Resilience
Cyber Risks When Job Hunters Become the HuntedCyber Risks When Job Hunters Become the Hunted
byCarrie Pallardy
Apr 9, 2024
9 Min Read
Business innovative solution and creative concept as a paper boat tied to a light bulb
IT Leadership
9 Ways to Ensure Continuous Innovation9 Ways to Ensure Continuous Innovation
byLisa Morgan
Apr 2, 2024
9 Slides
Hand charging an electric car, leaves and butterflies emerge from the cars exhaust, idea of sustainable transportation. Green energy, eco friendly
Sustainability
Sustainable Transportation Takes OffSustainable Transportation Takes Off
bySamuel Greengard
Mar 26, 2024
5 Min Read
Robotic hand takes a slice out of a coin, representing money
Machine Learning & AI
Special Report: What's Next for the GenAI Market in 2024?Special Report: What's Next for the GenAI Market in 2024
bySara Peters
Mar 12, 2024
3 Min Read
Webinars
More Webinars
White Papers
More White Papers
Live Events
More Live Events
Reports
More Reports
May 2, 2024
While there are plentiful options in cyber resiliency and business continuity tools and platforms, there isn’t one that can knock out everything from sudden cloud outages to prolonged ransomware attacks in a single punch. What can you do to keep the company on its feet no matter what is thrown at it? Find out in this new virtual event.
Reserve Your Seat Now