Social Networking Security Attacks: The Top Incidents of 2010
by Brian Prince
Koobface
It needs no introduction. Koobface has tormented users of numerous social networks for the past two years or so, including MySpace and Facebook. During that time, Koobface has evolved in a number of ways, and has been linked to rogue antivirus and malware posing as an Adobe Flash Player update.
Weekend of the Clickjack
During Memorial Day weekend, a clickjacking worm squirmed its way into the lives of hundreds of thousands of Facebook users. The scam worked this way: A message such as “The Prom Dress That Got This Girl Suspended from School” was used as a lure. Clicking on the link that came with the message led users to a third-party site, and clicking anywhere on that page published the initial message on the victim’s Facebook page, marked the page as something the user liked and recommended the page to their Facebook friends. In response, Facebook blocked the malicious site associated with the attack.
Malicious Applications
From time to time, social networks are hit with malicious applications. Trend Micro recently found a number of rogue apps on Facebook (with names such as “Stream” and “Birthday Invitations”) that sent users to a known phishing domain with a page claiming they needed to enter their login credentials to use the application. Victims would then be directed to the Facebook site. Facebook removed six of the apps identified by Trend by Aug. 20. Unfortunately, more popped up. Users should be wary of applications from unknown developers and that request personal information.
Malvertising Hits Farm Town
In April, users of the popular “Farm Town” game on Facebook were hit with a rogue antivirus scam tied to malicious advertising.
Command and Control
In 2009, security expert Jose Nazario found attackers were using Twitter as a means to send commands to infected computers. In July, EMC’s RSA security division uncovered a scheme that used an unidentified social networking site to send commands to a Brazilian banker Trojan. The good news is once detected, removing these types of C&C points is relatively simple and quick.
Distracting Beach Babes
Just when you thought it was safe to click on a link with a racy picture, the “Distracting Beach Babes” attack struck. Messages were posted on the walls of Facebook users, and the thousands who clicked on the messages were directed to a rogue Facebook app that, if given permission to run, urges users to upgrade their FLV player and directs them to download adware to their computer.
Dislike the Disliking Scam
This survey scam spread virally throughout Facebook. Using the tried-and-true method of enticing messages about celebrities and news (for example, “Justin Bieber trying to flirt”), the scammers tried to trick users into giving them access to their profiles. If a user installed the “dislike button,” the app updated their Facebook status to promote the link that tricked them. The app then prompted users to fill out an online survey and directed them to a Firefox browser add-on.