I recently attended the M.I.T Spam Conference. The conference was originally purely about spam, but with time it’s evolved into more of a mail and malware security conference. This year, the hot topic was social networks and how spammers (or, more appropriately, cybercriminals) are exploiting them to expand their illicit businesses. Note that I will use the term spammer in the broader sense for the remainder of this blog. A spammer is just an all-round bad guy.
Web 2.0 is leading us to operate and collaborate more through our web browsers than ever before. Consequently, sites like Facebook, Twitter, LinkedIn and MySpace are being used more aggressively for everything from chatting to marketing. Spammers are loving this.
Take spear phishing, which is phishing aimed at a specific, researched target. A simple yet scary example is as follows: Oscar (bad guy) does his research on Company X, whose profile is on Facebook and/or LinkedIn. His research leads him to the realization that Mr. Boss is the boss of Mr. Employee in Company X. He then formulates a simple mail to Mr. Employee, impersonating Mr. Boss, with a malicious link. Immediately he has increased the odds of Mr. Employee clicking the link. Say he does even more research on the social networking site and finds that Mr. Employee is in fact in the marketing department. He could then send mail to Mr. Employee with content such as:
From: Mr. Boss
Subject: Excellent Marketing Article
Hi Mr. Employee,
Please review the following:
http://www.somedomain.com/articles
Regards,
Mr. Boss
How carefully would you examine the target of the link in the mail above?
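Added example, not from the post or the conference: a small defender-side check in Python that reads a message like the one above and flags the two things a hurried reader tends to miss, a familiar display name sitting on an address that is not that person's, and link targets outside the organisation. The internal domain, the staff directory and the sender's actual address are assumptions constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for the example: Company X's mail domain and a tiny directory of
# who is allowed to use which display name.
INTERNAL_DOMAIN = "companyx.example"
KNOWN_STAFF = {"mr. boss": "boss@companyx.example"}

# Constructed sample: the mail from the post, with an assumed external
# sender address behind the "Mr. Boss" display name.
SPEAR_PHISH = """\
From: "Mr. Boss" <mr.boss@freemail.example>
To: "Mr. Employee" <employee@companyx.example>
Subject: Excellent Marketing Article

Hi Mr. Employee,
Please review the following:
http://www.somedomain.com/articles
Regards,
Mr. Boss
"""

# Constructed sample: the same request sent legitimately.
LEGIT_MAIL = SPEAR_PHISH.replace("mr.boss@freemail.example", "boss@companyx.example") \
                        .replace("http://www.somedomain.com/articles",
                                 "http://intranet.companyx.example/articles")

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def check_mail(raw):
    """Return a list of findings for a single-part, plain-text RFC 822 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    # A known colleague's display name on an address that is not theirs.
    expected = KNOWN_STAFF.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append(f"display-name impersonation: '{name}' sent from {addr}")
    elif sender_domain != INTERNAL_DOMAIN:
        findings.append(f"external sender: {addr}")
    # Every link in the body whose host is outside the organisation.
    body = (msg.get_payload(decode=True) or b"").decode(errors="replace")
    for url in URL_RE.findall(body):
        host = url.split("/", 3)[2].lower()
        if not host.endswith(INTERNAL_DOMAIN):
            findings.append(f"external link: {url} (host {host})")
    return findings
```

Running check_mail(SPEAR_PHISH) reports the impersonated display name and the external link; the same message with the boss's real address and an intranet link produces no findings.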
Another example that came up was how spammers can now increase their network of compromised machines through social networking sites. Sites like Facebook and Twitter provide powerful APIs so anyone can write applications for them. Spammers are capable programmers and have already written illicit applications that direct you to malicious sites that will, in turn, prompt you to install programs that infect your computer.
The trojan Koobface (an anagram of Facebook) was outlined as such an example. I researched Koobface a little and found an excellent article on what it can actually do. Quite frankly, it’s very impressive. An infection by Koobface can result in you running everything from a webserver to a CAPTCHA breaker on your machine which, in turn, becomes part of the Koobface botnet.
Say someone on your Facebook friends list decides to install an application like ‘Who’s browsing my profile?’ [Note that this was an actual malicious application but not related to Koobface.] That application clearly goes against all privacy rules outlined by Facebook, but certainly has an appeal. Unfortunately, installing this application results in your friend sending links to some sort of video to all his/her friends with a catchy title like ‘you look great in this video.’ Those who want to watch the video are directed to a malicious site that requires you to install the ‘latest’ Adobe Flash player. Those who do install the ‘player’ get infected and suddenly their computers are under the control of the Koobface C&C.
See this Koobface Article for more details. If you do not wish to read the entire article, please check out Figure 1 on page 2: it really is quite impressive.
In summary, Web 2.0 has led us to a new world where online communication through social networks is rapidly becoming the norm. Spammers are more than aware of this, and consequently we need to be that much more attentive to what we do online. The two examples I’ve outlined above show just how powerful their new techniques are, and I didn’t even get into identity theft! Think about it.
I still can’t believe I missed that koobface is facebook =)
It’s interesting to see that Web 2.0 has opened the door for a whole new style of ‘spamming’. I’ve received many of those ‘I saw you in a video’ types and gladly am not *that* curious. But can’t say the same for most people.