Understanding Malware: Role of Social Networking

by CXOtoday Staff    Apr 26, 2010

Malware attacks are a growing concern among enterprises. They not only cause downtime but also pose the threat of data theft. In the third of this four-part series on malware attacks on enterprises, we explain the relationship between social networking and malware.

Relationship between social networking and malware
Social networking platforms and instant messaging services, along with peer-to-peer networks, are the favorite vectors for disseminating malware. Because of their wide popularity among computer users and the amount of personal information they store, social networking platforms have become a favorite hunting ground for attackers.

Facebook has just celebrated 350 million accounts, each of them containing personal information, or at least the groundwork for initiating a spear-phishing attack. As one of the largest social networks connecting people around the globe, Facebook has been successfully used to lure users into disclosing their credentials for a long time. The phishing mechanism is simple, yet efficient: the victims usually receive a spam message announcing updates in Facebook’s Terms of Use or even an alleged account lockdown due to suspicious activity. In order to re-activate their account, the user has to follow an embedded link and log in to the platform. As soon as they press the Login button, their authentication credentials are sent to an unauthorized third party via a PHP script. The collected accounts are then used to trigger worm infections or to collect data for further phishing attempts.

Spamming is also a common practice among social networking service users. Although Twitter and Facebook have begun reinforcing their policies, unsolicited comments, advertisements, graffiti and other types of spam are still present. Other services, such as the professional network LinkedIn, have become the favorite playground for people and organizations offering miscellaneous services. Spammers attempt to join users’ professional networks and then bombard them with messages advertising their products or services. During the past six months, multiple variations of LinkedIn spam have been identified, a warning sign that the precarious state of the global economy is pushing more and more providers into abusively marketing their services via social networks.

While spam and phishing account for almost 80 percent of the e-threats related to social networks, worms exploiting large platforms have escalated rapidly. During the last six months of 2009, numerous families of worms pestered the most important social networks, such as Twitter, MySpace and Facebook.

Initially spotted in August 2008, the Koobface worm has been one of the most active and destructive e-threats affecting social networking platforms. The cyber-criminal team behind the worm has released multiple variants of it in order to extend its reach across multiple social networking services. The worm was initially designed for Facebook, but subsequent variants of Win32.Worm.Facebook.A also targeted MySpace and Twitter accounts.

The viral infections took most of the platforms by surprise, and the damage inflicted on users was beyond imagination. The infection technique was simple yet efficient: the worm used compromised accounts to lure friends into clicking the infected links.

Other Facebook worms blend social engineering with highly advanced URL manipulations that result in a cross-site request forgery, submitting their message every time the user clicks on an infected link. These cross-site request forgery attacks (CSRF, also known as XSRF) are based on iframes running third-party scripts that manipulate Facebook into behaving as if the account owner had sent a wall post, because the browser attaches the victim's session cookie to the forged request automatically.
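The following is an added illustration, not code from the article or from any social network, of why a wall-post endpoint that trusts the session cookie alone can be driven by a third-party iframe, and how an Origin check plus a per-session CSRF token stops it. The server secret, session table, origin names and request model are all constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed placeholders: a server-side secret, a session table and the
# origin the genuine application is served from.
SERVER_SECRET = b"constructed-server-secret-not-for-production"
SESSIONS = {"cookie-abc123": "alice"}
APP_ORIGIN = "https://social.example"


@dataclass
class Request:
    """Minimal model of a browser POST: the session cookie the browser attaches
    on its own, the Origin header it sets, and the submitted form fields."""
    session_cookie: str
    origin: str
    form: dict


def csrf_token_for(session_cookie: str) -> str:
    """Per-session token bound to the cookie. Only the genuine page can embed
    it in its form; a script in a third-party iframe cannot read it."""
    return hmac.new(SERVER_SECRET, session_cookie.encode(), hashlib.sha256).hexdigest()


def vulnerable_wall_post(req: Request) -> tuple:
    """Trusts the session cookie alone, so a cross-site request is accepted."""
    user = SESSIONS.get(req.session_cookie)
    if user is None:
        return 401, "not logged in"
    return 200, f"{user} posted: {req.form.get('message', '')}"


def hardened_wall_post(req: Request) -> tuple:
    """Same endpoint with an Origin check and a constant-time token comparison."""
    user = SESSIONS.get(req.session_cookie)
    if user is None:
        return 401, "not logged in"
    if req.origin != APP_ORIGIN:
        return 403, "cross-origin request refused"
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(req.session_cookie)):
        return 403, "missing or invalid CSRF token"
    return 200, f"{user} posted: {req.form.get('message', '')}"


# Constructed sample traffic: a genuine submission from the application's own
# page, and a forged one fired from an iframe on another site. The browser still
# sends the victim's cookie with the forged request, but not the token.
GENUINE = Request("cookie-abc123", APP_ORIGIN,
                  {"message": "hello", "csrf_token": csrf_token_for("cookie-abc123")})
FORGED = Request("cookie-abc123", "https://third-party.example", {"message": "lure text"})
```

Call `vulnerable_wall_post(FORGED)` and `hardened_wall_post(FORGED)` to see the forged request accepted by the first endpoint and refused by the second.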

Attacks on social networks can cause productivity loss: slowed networks due to wasted bandwidth, reduced e-mail processing and storage capacity, time spent sorting and discarding unwanted messages, and resource-consuming collateral damage such as the detection and removal of malware.

This article has been written with inputs from Catalin Cosoi, Senior Antimalware Researcher, BitDefender.