Web Threat Spotlight
A Web threat is any threat that uses the Internet to facilitate cybercrime.
ISSUE NO. 83
FEBRUARY 21, 2011
“Surprise” Messages on Facebook Lead to Malware Download

Threats are becoming increasingly adept at using social media in their attempts to trick users into downloading malware. In this recent attack, a basic spammed message in a user’s Facebook inbox supposedly alerted users to a “surprise.”

The Threat Defined
Facebook is one of the most popular social networking sites in the world with over 500 million members and growing. According to Facebook’s own 2011 statistics, its milestones for international growth include the fact that 70 percent of its users are from outside the United States, 50 percent of whom log on to the site daily.

Nothing encapsulates the Web 2.0 concept more than social networking sites like Facebook, which give users the ability to connect, communicate, and share with others. With over 500 million members and growing, Facebook was also the most visited website in the United States in 2010. This is the primary reason why cybercriminals choose to exploit the social networking site for malicious purposes.

Almost all social networking sites have a messaging platform that can be abused to carry malicious links. In fact, last September, phishers abused Facebook Chat. In that attack, affected users unknowingly spammed links via Facebook Chat to their friends. Those who clicked the spammed links were then led to a phished Facebook page. Entering one’s Facebook credentials into the fake page was tantamount to surrendering them to phishers.

Facebook’s messaging platform has also been relentlessly abused by the people behind the infamous KOOBFACE botnet. A typical KOOBFACE infection starts with spam sent through Facebook, Twitter, MySpace, or other social networking sites. The spam usually contains a catchy message with a link to a supposed video, which made KOOBFACE the first malware to successfully propagate through social networks.

The newest malware to use this tactic has been spotted. It took advantage of Facebook’s messaging platform in the guise of a personal message from one’s friend. The message contains a link that supposedly points to a Blog*Spot (now Blogger) page along with the text, “I got u surprise.” Clicking the link redirects users to a legitimate-looking Facebook application page where the surprise supposedly awaits. The fact that the link to a Blog*Spot page leads to a Facebook page instead is already suspicious. If users, however, fail to recognize the scam here and still click the “Get a surprise now!” image, they end up downloading TROJ_VBKRYPT.CB onto their systems. This Trojan, in turn, downloads TROJ_SOCNET.A, which sends messages to affected users’ Facebook and/or Twitter friends. The message contains a link to a site that hosts the malware from which the entire chain started, TROJ_VBKRYPT.CB. This last fact makes the attack more dangerous, as it proves that the malware is self-sustaining.

Figure 1. TROJ_VBKRYPT.CB infection diagram
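
The mismatch described above, a link presented as a Blog*Spot page that lands on a Facebook page, can be checked mechanically. The following Python code is an added example, not part of the original report: it follows redirects as a web proxy might have recorded them and flags a link whose advertised site differs from its landing site. All URLs, the `MAX_HOPS` limit and the function names are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

MAX_HOPS = 10  # assumption: a longer redirect chain is reported as suspicious on its own

def site(url):
    """Approximate the registrable domain as the last two host labels.
    Assumption for brevity; production code should use the Public Suffix List."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def resolve_chain(start_url, responses):
    """Follow recorded 3xx responses and return every URL visited, in order.
    `responses` maps URL -> (HTTP status, Location header or None)."""
    chain, seen = [start_url], {start_url}
    while len(chain) <= MAX_HOPS:
        status, location = responses.get(chain[-1], (None, None))
        if status is None or not 300 <= status < 400 or not location:
            break  # final page reached, or no record for this URL
        nxt = urljoin(chain[-1], location)  # Location may be a relative path
        chain.append(nxt)
        if nxt in seen:  # redirect loop: stop following
            break
        seen.add(nxt)
    return chain

def check_link(advertised_url, responses):
    """Return a list of findings for a link received in a message."""
    chain = resolve_chain(advertised_url, responses)
    findings = []
    if len(chain) > MAX_HOPS or len(set(chain)) < len(chain):
        findings.append("redirect loop or excessive hops")
    if site(chain[0]) != site(chain[-1]):
        findings.append(f"advertised site {site(chain[0])} lands on {site(chain[-1])}")
    return findings

# Constructed sample data (not taken from the report): one cross-site redirect
# and one benign same-site redirect that uses a relative Location header.
SAMPLE = {
    "http://constructed-blog.blogspot.com/surprise": (302, "http://apps.facebook.com/constructed-app/"),
    "http://apps.facebook.com/constructed-app/": (200, None),
    "http://constructed-blog.blogspot.com/post": (301, "/2011/02/post.html"),
    "http://constructed-blog.blogspot.com/2011/02/post.html": (200, None),
}

if __name__ == "__main__":
    for url in ("http://constructed-blog.blogspot.com/surprise",
                "http://constructed-blog.blogspot.com/post"):
        print(url, "->", check_link(url, SAMPLE) or "no findings")
```

A cross-site landing is a signal to review rather than proof of abuse, since legitimate URL shorteners and login flows also redirect across sites.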