Malware Gravitates to Social Networks

The "clickjacking" attack on the Twitter social networking service last week is part of a growing trend of social engineering attacks via social networks, say experts.

"We've seen a lot of these social networking and peer to peer sites targeted in general for a bunch of different reasons," said Sam Curry, the vice president of product management and strategy for RSA. "It's a law of large numbers in many ways."

Curry calls attacks carried out through social networks "orthogonal attacks." As users have become aware of phishing attacks and other efforts to get at their personal data, hackers have turned to social networks and "brand attacks," like the recent CNN.com-spoofing Cease-Fire Trojan, to spread malware that goes after the same information once installed on the victim's computer.

In the case of Twitter, the service moved to block clickjack exploits last week, according to Biz Stone, co-founder of Twitter. He said in an e-mail to InternetNews.com that the company is serious about blocking such attacks.

"We've found that proactive security reviews, quick reaction time when there is an incident, and communication with our users in a timely manner are effective techniques in dealing with exploits," he wrote.

While the Twitter clickjack only spread itself and had no apparent malware associated with it, social engineering attacks on other social networking sites have hardly been so benign.

The recent scareware links on Digg.com and the Koobface virus currently spreading across Facebook are both examples of social-engineering-based attacks that are tailored to the habits of social networking users, with a much more significant security threat attached.

Because of the nature of social networks, they're particularly attractive to hackers, according to Craig Schmugar, a threat researcher for McAfee. "The nature of user interaction within social networking sites is being exploited by malware authors and distributors, and that's definitely on the rise," said Schmugar.

"Unfortunately, a lot of it is just straight social engineering," he said. "They're not exploiting any security vulnerabilities, but they are crafting messages like 'don't click me' to capture users' attention and take them to completely different sites."

That sort of attack puts social networking sites in a difficult situation, he says. "Even if you test as much as you practically can to validate user input, you've got millions of users out there, a small subset of which are trying to poke holes in the application, but it still is a lot of people, and you can't assume your QA is 100 percent. So if you at least on the back end do some additional scanning you have a better chance of catching it."

This article was first published on InternetNews.com.