There is no need to wait for the appearance of mobile malware, since spam links on social networking sites are infecting a significant number of mobile devices, according to an analysis of a recent Facebook scam.
Malware from social networking sites is a bigger security threat for mobile devices than hacked applications or mobile Trojans, according to antivirus software provider BitDefender.
While there is a lot of focus on mobile malware such as Geinimi, the Google Android Trojan, or malicious apps in Apple's App Store, it is far easier and more likely that users are downloading worms and other malware onto their mobile devices by clicking on questionable links on social networking sites, said BitDefender's security researchers.
"By mainly focusing on finding malware specifically designed for mobile platforms, data security researchers may lose sight of a mobile platform threat that's already there: social network scams," said BitDefender Threat Intelligence team leader George Petre, on Malware City.
Social networking malware is largely platform-independent, so even though PCs are the primary target, other devices can be infected, said Petre. The Mac variant of Koobface proved exactly that, infecting Mac users by tricking them into installing a malicious Facebook application.
"More and more people are accessing Facebook through their mobile devices," Catalin Cosoi, head of online threats at BitDefender Labs, told eWEEK. After noticing "more and more cases" of Facebook scams spreading on mobile devices, BitDefender Labs tracked a single campaign to identify the magnitude of the problem, said Cosoi.
BitDefender analyzed a recent scam that circulated a Facebook alert promising to show a girl's Facebook status update that got her expelled from school, Cosoi said. The "expelled girl" status used several links generated by various URL shorteners, such as bit.ly and Google's goo.gl. Researchers analyzed the traffic information for the short goo.gl URL and found that the link had 28,672 clicks between Jan. 4 and Jan. 5.
For this single link, 24 percent of clicks originated from mobile platforms, said Cosoi. Other shorteners were not analyzed because "goo.gl just offered more info," said Cosoi. Bit.ly statistics only provide total clicks, and not information about the user's platform or referrers, he said.
While the majority of the users were on Windows, BlackBerry and iPhone were the second and third most affected platforms, according to the site statistics. Phones from Nokia, Samsung, SonyEricsson, and LG, as well as the iPod Touch, were also included in the top ten affected platforms.
BitDefender researchers extrapolated from the statistics collected by Google to determine that if 24 percent of the clicks on a single URL from a single campaign came from mobile devices, then it was likely that these social networking scams affect a significant number of mobile device users, Cosoi said.
According to the Google statistics, Facebook and Facebook mobile were the two top referrers, indicating that those two sites were the "primary victim pool," the researchers said. Since the screen on mobile devices is a lot smaller than that of a computer's display, the chances of getting tricked while socializing from your cell are high, said Cosoi. "Not seeing the entire URL and just bits and pieces of the info can be quite tricky," he said.
As for the scam, when users clicked to find out what the scintillating status was, they downloaded a Facebook worm, gave the worm permission to spread by posting itself on the wall, and then were asked to fill out surveys. The surveys were how the scammers monetized this campaign.
There have been a number of Facebook campaigns recently, such as the "My 1st St@tus" survey scam or the Koobface variant that pretends to be a photo album app. The survey scam asks users to fill out surveys in hopes of unlocking some kind of content that never appears. The survey scam itself is not all that dangerous, unless it's bundled with a worm like the "expelled girl" link. In the space of about two weeks, Graham Cluley, a senior technology consultant at Sophos, tracked seven distinct survey scams on Facebook on the Naked Security blog.