Hackers target Google+ with fake invites

Kaspersky Lab has warned that Internet users are already being subjected to targeted attacks on the newly launched Google+ social networking site.

Having only launched at the end of June, Google+ is growing fast, having already reached more than 10 million users in its first weeks of operation. As new as it is, though, its scale has already attracted the attention of cybercriminals.

Kaspersky Lab warned today that cybercriminals are already targeting individuals through friend invites to this network, via emails.

The criminals rely on the trend in all social networks of over-sharing, which appears to have become the default option.

Fabio Assolini, Malware Researcher, Global Research and Analysis Team at Kaspersky Lab, says they have detected that Brazilian cybercriminals have already started sending fake invites with malicious links pointing to malware, specifically Trojan bankers.

“We recently found one targeting Portuguese speakers and feel that it is crucial to warn users of the potential security threats targeting this social networking site, as it is only set to grow.‚

The fake invite contains an infected link that, when accessed, redirects the user to a very common Brazilian Trojan banker file – a .cmd file hosted at Dropbox. The most interesting thing about this message is another link, pointing to a form hosted at Google Docs. The message shows the link as ‚send the invitation to your friends‚ but it is actually a fake form created to collect names and e-mail addresses of new victims. Kaspersky Lab has reported this malicious file and the fake Web form to Google.

Social networks are seen as one of the greatest security threats among businesses, along with various other forms of file sharing. The introduction of new social networking sites creates a haven for cybercriminals to implement virus and threat activity for their own gain.

Kaspersky Lab offers the following tips for securing a Google+ account:

· Profile Management РThe profile editing section is the brains of Google+ privacy, providing a versatile interface that allows you to customise how you share all information. Be sure to use it and make your privacy levels a high priority.

¬∑ One circle to rule them all – If you’re going to use Google+, you need to learn to master the art of Circle Management. Circles are the main privacy control centre of Google+. They allow you to create groups of friends and associates using a powerful user interface that makes it easy to group friends, family and co-workers, and then limit who can see what.

¬∑ Instant upload – If you access Google+ using an Android phone, photos and videos are automatically uploaded to Google’s cloud via a new tool called Instant Upload. Don’t worry – photos aren’t shared by default, but are stored on a private Picasa Web folder for future sharing. Instant Upload is a fine idea – for a minority of users – but it’s enabled by default and may take a lot of new Google+ users unaware. To disable Instant Upload, click into the app, Menu/ Settings/ and at the top of the screen uncheck ‚Instant Upload‚ for increased protection.

Says Assolini: ‚If you are interested in joining Google+, our advice would be to ensure you explore this medium on a secure computer, while being cautious at all times of pop-up blocks and links that insist you re-direct. Furthermore, Kaspersky Lab urges users not to believe in supposed invites received via e-mails. Ensuring a safe social networking experience requires you to be aware that such threats exist, thereby being able to take action the necessary action required and socialising in a secure environment.‚

* “