According to their wiki entry, in the last two years Digg.com has had over one million unique visitors per day on their website. In case you’re unaware of Digg, and social bookmarking in general, perhaps you should start with Digg’s How Stuff Works page. Recently I submitted two different applications that made it to the front page of Digg. Both of them were quick apps to make things easier for Digg users. Of course, there were instantly hundreds of downloads. Now, my software is legit, as well as open source. But what if it wasn’t? What happens when a spyware maker sneaks his malware into a legit app, like a social bookmarking app, or even any piece of software in general?

Well, let’s take a previous event that happened on MySpace not too long ago. Basically, Zango released MySpace profiles with videos embedded on them. These videos had a license agreement which, when accepted, would install spyware on your PC. Most users would just assume that this is a trusted pop-up from MySpace. However, these agreements had absolutely nothing to do with MySpace, and were from known adware makers. If you care to read more about it, here is the article.
With social bookmarking we have a similar situation. User-generated content is hitting the front page of a website that gets 1 million unique hits per day. Starting to see the trouble now? Say I had malicious intent to infect people’s computers. Well, submitting two pieces of software to Digg could infect tens of thousands of people. The fact is, while Digg is a reputable site, what it links to is never sure to be a legitimate website. But what can you do? There are dozens of social bookmarking sites such as Digg, Reddit and del.icio.us, all of them reputable websites. However, each of them equally shares this risk, and has the potential to serve spyware to thousands.

One might argue that a lot of these users are technically advanced compared to MySpace users, or that they use alternative operating systems such as Linux or a Mac. However, I don’t feel the need to run a virus checker, as it just wastes CPU usage. I myself would most likely run an application on the front page of a social bookmarking site. After all, something with hundreds of people approving has to be legit, right? Sadly…wrong. With such a high percentage of the technology-based social websites’ users being Linux users, it would be the absolute perfect time to release a Linux application laced with malicious code as well. An open source app on the front page of a popular site doesn’t justify running an unknown program. Ever.

Putting an unknown link on a popular website is eventually doomed to failure. It’s really not a matter of if it will happen, it’s a matter of when. Spyware makers will always be taking advantage of people. I would be surprised if any of them would turn down being on the front page of a website with a million hits a day. From now on I will definitely be using some form of virus checker to double-check that nothing malicious is embedded. My personal favorite is this online malware scanner.