Last year brought a surprising, and seemingly positive, change in the number of security threats: it was the first year we saw spam volumes drop. That decrease was a significant change from the previous decade, in which spam volumes roughly doubled every year, compounding to yield a dirty Internet where about 90 percent of the email flowing over the backbone is spam. So does the drop in spam volume mean spam is suddenly less of a problem? Have spammers given up and gone home, or maybe developed a conscience and let up a little?
Unfortunately, no. Spam has just changed. It’s become more sophisticated. We are seeing a massive shift away from the spray-and-pray tactics of the past to much more targeted and complex attacks. One consistent trait of attackers: they always follow the money. Therefore, as social media sites such as Facebook have experienced explosive growth (and explosive valuations), it’s no surprise that threat writers are exploring ways to tap into these networks to deliver the next generation of attacks.
One such example of these new evolved threats is the Koobface malware. The name Koobface is Facebook in reverse (sort of). Koobface was designed to tap into the massive network of trust that exists in large social networks such as Facebook.
When Koobface infects a machine, the malware runs silently and observes a user logging in to his or her Facebook account, capturing the username and password. With a real user’s Facebook credentials, the Koobface malware can later log in to the user’s Facebook account and send messages to all the victim’s friends. Often it will post a message along the lines of “Hey, is it really you in this YouTube video?” and include a link such as: http://ristorcasanova.it/youtube.com. Most users would mistake this for a real YouTube site, but, of course, it’s not. The curious user clicks on the link and is led to a site that says, “You need to update your Flash player, click here to download the update,” or some similar message. Then the user downloads the Koobface malware and installs it (tricked into thinking it was an Adobe update).
Because this attack was seemingly coming from someone the victim knew well and trusted, the response rates were very high. Millions of users were getting infected. Sweeping out of control, it needed to be stopped. But how? Certainly the old rules of security didn’t apply here. Everything we knew about security had to be re-imagined. Check in later this week for Part 2, where we’ll discuss how we need to rethink security in the social age.
This blog was originally published on: http://blogs.forbes.com/tomgillis/2011/04/26/unsociable-social-media-brings-a-new-wave-of-threats/