Ping, the social network built into Apple's new iTunes 10 digital media store, received a thorough scrubbing by the company's engineers this week after they discovered that its comments section had quickly become a spammer's paradise.
The comments on various artists' pages on the popular service -- which eclipsed the one million-user mark within a couple of days of its release last Wednesday -- were inundated with links to bogus surveys promising free iPhones or iPads in exchange for completing the questionnaires. Instead, those surveys aimed simply to spread spam or install malware on unsuspecting victims' PCs and mobile devices.
"We've seen these types of 'Win a free iPad or iPhone' scams hitting Facebook and Twitter for some time now as it fits the modus operandi of cybercriminals to latch on to the latest technologies or platforms that users will use to spread their spam or scams," Bradley Anstis, vice president of technology strategy for security software provider M86 Security, said in an advisory.
"Now with social networks being much more prevalent, it's easier to convince people that these scams are real and legitimate," he added. "And it's rather ironic that this very scam has begun to proliferate within Apple's own product (iTunes)."
Apple (NASDAQ: AAPL) was fairly quick to respond to the obvious spamfest under way, according to a post on the AppleInsider blog, which said the company identified and erased most of the fake user accounts (including ones purporting to be Apple's CEO, Steve Jobs, and other top execs) while eradicating most of the spam-laden links and comments.
In addition to the digital housecleaning, Apple unveiled a few improvements to the Ping user interface, including the addition of "back" and "forward" buttons to make it easier to quickly navigate around pages on the site.
Just one week after its debut, Ping now joins the likes of Facebook, MySpace and Twitter as social networking sites that have been and will continue to be targeted by hackers and spammers. Increasingly, malware authors and scammers are looking to social media to take advantage of users' eagerness to share information publicly and quickly among their friends, family and colleagues.
For Apple, at least, Anstis suggested some improvements that could stymie the proliferation of attackers on its new service.
"Apple needs to implement better controls to weed out these types of messages," he said. "They've currently set it so that user profile pictures cannot be posted unless they are approved."
"It would be too much to manage comment approvals, but implementing some form of automation to strip out links from comments is a good starting point," he added.
Follow eSecurityPlanet on Twitter @eSecurityP.