This document summarizes advanced social network and mobile attacks. It discusses threats like malware spam, drive-by downloads, malicious applications, and session hijacking on social networks. It also outlines threats to mobile devices, including vulnerabilities in mobile web browsers, content provider leaks on Android, and zero-day attacks using Google Latitude. Examples are provided of spyware targeting BlackBerry and iPhone users.

1. Advanced Social Network and Mobile
Attack
Nipon Nachin, Consulting Manager
ITIL Expert, CISSP, GIAC GFCA, CISA, CISM, CSSLP, AMBCI, IRCA ISMS, ITSMS, BCMS Provisional
Auditor, SSCP, Security+
Prathan Phongthiproek, Red-Team Manager
eCPPT, E|CSA, C|EH, CIW Security Analyst, CPTS, CWNP, CWSP, Security+, ITIL-F
ACIS Professional Center

2. Social Network
RSS feed
Source: 2008 CSI Computer Crime & Security Survey
2

3. Social Network Threats
1) Malware Spam
2) Drive-By-Download
3) Malicious Applications
4) Session Hijacking
Source: 2008 CSI Computer Crime & Security Survey
3

4. Malware Spam
1) Osama execution video scam
2) Enable dislike button
3) Top 10 profile spies
Source: 2008 CSI Computer Crime & Security Survey
4

5. Malware Spam
Source: 2008 CSI Computer Crime & Security Survey
5

6. Drive-By-Download
1) Malicious URL Shorten
2) Internet Explorer / Mozilla Firefox / Safari / Chrome
Vulnerabilities
3) Web Browsers Toolbar
4) Adobe products vulnerabilities; **Flash, PDF, Etc
5) ActiveX and Java Applets
Source: 2008 CSI Computer Crime & Security Survey
6

7. Drive-By-Download
Source: 2008 CSI Computer Crime & Security Survey
7

8. Drive-By-Download
(1) Client visit the landing page
(2) Redirect to get exploit
(3) Redirect to get exploit
Victim
(4) Download exploit
Source: 2008 CSI Computer Crime & Security Survey
8

9. Drive-By-Download
Spyware
Adware Viruses
Unwanted/
offensive Trojans
content
Potentially
unwanted Worms
applications
Phishing
Source: 2008 CSI Computer Crime & Security Survey
9

10. Drive-By-Download
Source: 2008 CSI Computer Crime & Security Survey
1

11. Malicious Facebook Applications
Source: 2008 CSI Computer Crime & Security Survey

12. Malicious Facebook Applications
Source: 2008 CSI Computer Crime & Security Survey

13. Malicious Facebook Applications
Source: 2008 CSI Computer Crime & Security Survey

14. Sessions Hijacking
Source: 2008 CSI Computer Crime & Security Survey

15. Sessions Hijacking with Firesheep
1) For now, Unable to attack Facebook **Have to Modify source code
2) Only support over HTTP
- Hotmail, Twitter, Facebook, Etc
3) Sniff on-the-Fly (Wifi Hotspot)
4) Over Network, Have to ARP poisoning
Source: 2008 CSI Computer Crime & Security Survey

16. Sessions Hijacking
Source: 2008 CSI Computer Crime & Security Survey

17. Sessions Hijacking Over HTTPS
1) Using SSLStrip for kill SSL sessions
2) Rouge Access point or Arp poisoning on the wire
Source: 2008 CSI Computer Crime & Security Survey

18. Sessions Hijacking Over HTTPS

19. Mobile Threats
Source: 2008 CSI Computer Crime & Security Survey
1

20. BlackBerry

21. Mobile Safari Still Vulnerable To Pwn2Own Exploit

22. Mobile Web Browsers
Common problem: bad security UX

23. Android Content Provider File Disclosure

24. Google Latitude Zero Day Attack

25. Google Latitude Zero Day Attack

26. Google Latitude Zero Day Attack - Example
https://www.google.com/accounts/ServiceLoginAuth?Username
=morphuesor@gmail.com&password=xxxxxx&s=sss=&xxx=dd
dddd

27. Google Latitude Zero Day Attack on iPhone

28. Google Latitude Zero Day Attack

29. FlexiSPY BlackBerry Spy Phone

30. FlexiSPY Apple iPhone Spyphone

31. Spyphone – ดักฟังการสนทนา
31

32. 28th – 29th June 2011, Grand Millennium Sukhumvit, Bangkok

33. http://www. TISA.or.th
Copyright © 2009 TISA and its respective author
(Thailand Information Security Association)
Please contact : varapong@acisonline.net