Proactive IT security
 

Facebook - an increasingly popular spreading vector for malware

Security Information Week 43, 2008

Facebook malware - propagation and types

Customized malware, which utilizes and targets the Facebook community, is emerging. Several reports about different types of malware are appearing, and more are certain to come.

Several techniques are used by the culprits. By hacking Facebook users, the malicious person has a lot of different means at her disposal. One such technique may be to use phishing to obtain Facebook users' names and passwords. With one or several legitimate Facebook accounts she can, for example, post malicious links on the Walls belonging to the hacked users' friends. She can also email the friends from the hacked accounts with malicious links and/or attachments, and so on.

One variant that has been seen lately hijacks the Facebook user's account by utilizing the session cookie, and then posts messages to the person's friends. Such messages can include links that enable spreading of the malware itself. Clicking the links can also install other types of malware, which can perform all kinds of malicious behaviour. An example of a social engineering scheme using this technique is a link to a video which (supposedly) requires a Flash update to run. When the user "installs the update", he/she is infected by malicious software.

The examples here are techniques that are quite commonly known from other communication methods (e.g. email). What is new is merely that Facebook is the arena that is targeted as the "platform" for spreading.

The communication channel is the issue

Whenever a new communication method is embraced by the Internet community, it also becomes a potential target for exploitation by persons with malicious intent.

In the earlier years malware creation was an activity performed by a few in order to obtain "fame within the group". Over the years this has evolved and it is now a major illegal underground business with huge economic profit for successful criminals. Thus, these new criminal groups have substantial economic resources available for analyzing the potential for exploiting users and applications by different means, as well as for creating the software necessary to accomplish this.

Emails were for several years the main spreading vector for malware. In recent months this has to a large degree been replaced by infected web sites (often using emails to lure innocent surfers to visit these sites), as discussed in our Security Information for week 48/2007. We have also seen several examples of malware that uses Microsoft's messaging systems as a spreading mechanism, and so on.

In general, it seems that the average Internet user significantly lowers his defenses whenever a new communication device is used. The automatic "beware" that flashes into one's mind when a suspicious email is received does not appear when the same suspicious message is received through e.g. MSN Messenger or Facebook. This fact is of course utilized by the bad girl who constantly attempts to find new methods to get your money into her pockets.

A changed approach to awareness

If it is correct that any new communication channel that is adopted requires complete reeducation of all users regarding alertness to suspicious content, the implications are scary.

We can be absolutely certain that we have only seen the tip of the iceberg with respect to the new methods of communicating that will emerge in the years to come. Current methods will soon be obsolete and viewed as ridiculously old-fashioned. One may also assume that the sheer number of different communication channels will increase. If the Internet community is going to be tricked by the same techniques over and over in different media, the bad girls have a never-ending heyday to look forward to.

We must learn to distinguish better between the legitimate and the illegitimate message - regardless of the medium used to display the message.