It should not come as a big surprise that hackers are more and more interested in social networks.
Just how much, however, is underscored by Breach Security’s Web Hacking Incidents Database 2009 Bi-Annual Report. According to their research, social networks like Facebook and Twitter were the most targeted vertical market in the first half of 2009, accounting for 19 percent of all hacking incidents.
Last week, Arbor Networks’ Jose Nazario discovered an attempt by attackers to use Twitter as a command-and-control channel to send instructions to infected computers. Since then, Symantec and others have come out with additional research shedding light on the situation.
According to Symantec, obfuscated Twitter messages are being used to send out new download links to malware Symantec calls Downloader.Sninfs, which in turn downloads a password-stealing Trojan known as Infostealer.Bancos.
“Our investigation and analysis of Downloader.Sninfs is ongoing but has so far shown that it reads a specific Twitter.com RSS feed only once,” blogged Symantec researcher Peter Coogan. “The RSS feed is simply a text file similar to other RSS feeds found on other Internet sites. The RSS text file contains information as to where Downloader.Sninfs can find additional threats to download onto the compromised system. In this way the RSS file acts like a config file for the malware.”
Beyond this incident, the notorious Koobface worm continues to enjoy success, and numerous malware campaigns targeting Facebook and other sites have made headlines in the past several months. Part of this is likely due to their success rate. Kaspersky Lab reported earlier this year that malware attacks over social networks were 10 times more effective than those launched over e-mail.
Taken together, the situation underscores the fact that attackers are going to follow users — as social networks continue to grow, so will their footprint on the threat landscape.
“The dramatic rise in attacks against social networking sites this year can primarily be attributed to attacks on popular new technologies like Twitter, where cross-site scripting and CSRF worms were unleashed,” Ryan Barnett, director of application security research for Breach Security, said in a statement. “Looking back at 2008, a notable election year, government-related organizations were the top-ranked attack victims and have now dropped to number three. The WHID report demonstrates that hackers can be fickle, following popular culture and trends to achieve the most visible effect for their efforts, which means that companies must be vigilant in implementing web application systems and monitoring application activity.”