Commercial Cyber Crime - Social Networks Malware


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Commercial Cyber Crime - Social Networks Malware

  1. 1. Commercial Crime International Cybercrime Online Social Networks – Launch pads for Malware The advent of social networks Social networks hold a plethora of personal information on the users that has turned the online world form the network. Individual connections between users collectively form into a virtual society. And a web of connections. To build each link between users an implicit trust whilst social networks serve is required between the two users and implicitly across the entire network. as seamless communication Any information provided by an individual user through chained connec- tions becomes a part of the full network. If an attacker is able to exploitchannels, they are also an ideal one user in the social network, they have the potential to be able to launch pad for malware push malicious content (such as malicious URL’s) into the network. infections. There has been a The connectivity of the network enables the spread of the exploitation. tremendous increase in the That is, the attacker exploits the weakest link in the chain. This exploita- dissemination of malware tion process is aided by the inability of users (and their stored objects) infections through social net- to determine the legitimacy of content flowing through the social network. works. But the security and The infection process begins with the exploitation of human ignorance privacy mechanisms of social and curiosity followed by spreading of the infection through the trust networks have proven insuffi- upon which the network is based. cient to prevent exploitation. Aditya Sood and Richard In order to start the exploitation process, an attacker can pick any issue Enbody explain the dangers. that affects human emotions to drive the user in a social network to follow the path generated by the attacker. Topics such as weather calamities, political campaigns, national affairs, medical outbreaks and financial transactions are used for initiating infections. Phishing and spamming are used extensively for spreading messages on these topics with malicious intent. Basically, it is a trapping mechanism used by attackers to infect an entire online social network. Exploit Mechanisms – The Art of Infection Since social network exploitation begins by exploiting an individual user’s trust, curiosity, or ignorance common attack strategies have emerged: One of the simplest infection techniques is the injection of malicious URLs into a user’s message wall. Since it can be difficult to differentiate between the legitimate URLs and illegitimate ones, even a careful user can be tempted to click on the link. Unfortunately for the user, clicking the hyperlink can result in automatic download of malware from a mali-Aditya K Sood is a senior security cious domain through the browser.researcher and PhD candidate at Browser Exploit Packs (BEP) hold a number of browser-basedMichigan State University. He is also exploits that are bundled together to customise the response to a victim.a founder of SecNiche Security Labs, When a user visits a malicious domain, the BEP fingerprints the browseran independent arena for cutting version and the related environment of the user machine. Based on thisedge computer security research. information, a suitable exploit is served to the user which exploits the integrity of that particular browser. Drive-by-Download attacks are triggered by visiting a malicious page. They exploit browser vulnerabilities in plugins and built-in compo- nents. Successful exploitation of the vulnerability results in the execution of shell code that in turn downloads the malware into the system. A variation of the Drive-by-Download attack is the Drive-by-Cache attack that can exploit browser cache functionality in order to execute malware. Malicious advertisements (malvertisements) are yet another tech- nique to spread malware infections through online social networks. When an attacker injects the malicious link in a user message board, it is linked to a third party website which has malicious advertisements embedded in it. These advertisements are further linked to malicious JavaScripts that are retrieved by the browser, which executes the malicious contentRichard J. Enbody Ph.D, is associ-Richard Enbody, in the context of running browser with the user’s privileges.ate professor in the Department ofComputer Science and Engineering The biggest problem with the online social networks is that they do notat Michigan State University (USA). have sufficient built-in protection against malware. For example, current continued on page 12/December 2011 More information online at 11
  2. 2. Cybercrime from page 11 EDF fined for hacking Greenpeace EDF, the French energy firm, UK’s executive director, John was recently fined Euro 1.5 million Sauven, said: “The evidencesocial networks do not scan the by a Paris court for spying on presented at the trial showed thatURL’s and embedded content Greenpeace. It must also pay the espionage undertaken by EDFcoming from third party servers Greenpeace Euro 500,000 in dam- in its efforts to discredit Greenpeacesuch as Content Delivery Networks. ages. Two EDF employees were was both extensive and totallyTherefore, there is no mechanism jailed, along with the head of the illegal. The company should nowto detect the authenticity of URL’s company they hired to hack into the give a full account of the spyingthat are passed as message con- environmental charity’s computers. operation it mounted.”tent among the user objects in theonline social networks. In addition, it EDF was charged with complicity Whilst anti-nuclear activists areis easy to upload malvertisements, in concealing stolen documents and reportedly furious at what EDF did,and social networks fail to raise complicity to intrude on a computer a security expert has commentedany warning. Online social networks network. It was claimed the com- that the only real surprise is thatare not harnessing the power of pany had organised surveillance this sort of trojan-assisted industrialSafe Browsing API’s from Google not only of Greenpeace in France, espionage has not reached theor similar services to instantiate a but broadly across Europe since courts before.verification procedure before post- 2004. And it was stated that ining a URL back to a user profile. 2006, EDF hired a detective agency, Philip Lieberman said that the caseLack of such basic protections is Kargus Consultants, run by a former is notable because the saga starteda key factor in making the social member of France’s secret services, more than five years ago. And, henetworks vulnerable to exploitation. to find out about Greenpeace wondered, how many other cases ofFinally, many social network users France’s intentions and its plan trojan-assisted industrial espionageare not knowledgeable enough to block new nuclear plants in the have been carried out in recentto differentiate between real and UK. The agency allegedly hacked years. What does this case tell us?malicious entities. Ignorance not the computer of Yannick Jadot, Quite simply that trojan-assistedonly results in exploitation, but also Greenpeace’s then campaigns infections are almost certainly angreatly impacts the overall security director, taking 1,400 documents. integral part of the modern-dayof online social networks. Because private detective’s IT arsenal whenof the high connectivity and need At the trial, EDF said it had been conducting industrial espionage,”for trust in a social network users victim of overzealous efforts, and he said. And we should ask whetherare particularly dependent on the had been unaware anyone would terrorists are using the same tech-built-in security features of online hack a computer. But Greenpeace niques to assist their networks, but the securityfeatures are not tough enoughto thwart many malware attacks.ConclusionRobust security and privacy mecha-nisms are indispensable for safe Published monthly by Commercial Crime Services,online social networking. Built-in Cinnabar Wharf, 26 Wapping High Street, London E1W 1NG, is necessary because Tel: +44 (0) 20 7423 6960 Fax: +44 (0) 20 7423 6961attackers exploit the trust, curiosity Website: Email: Website: www.icc-ccs.organd ignorance to garner maximum Editor: Andy Holder Email ajholder@gmail.comprofit. User awareness regardingsecurity concerns is important but ISSN 1012-2710can only spread gradually, so social No part of this publication may be reproduced, stored in a retrieval system, or translated in any form or bynetworks should be proactive and any means, electronic, mechanical, photocopying, recording, or otherwise without the prior permission of the publishers.develop more sophisticated andstringent mechanisms to thwart While every effort has been made to check the information given in this publication, the authors, editors,malware infections. Safe and secure and publishers cannot accept any responsibility for any loss or damage whatsoever arising out of, ortransmission of the information and caused by the use of, such information. Opinions expressed in Commercial Crime International are those ofrobust user’s privacy should be the the individual authors and not necessarily those of the publisher.paramount concern of the social Copyright 2011. All rights reserved.networking companies.