On-line social networking sites are an attractive venue for spreading malicious links, because of the increasing amount of time people spend there. Moreover, these sites are becoming more effective for distributing links than email because of the relative sophistication of spam-fighting tools.
How will the attackers' use of social networks for spreading links affect the way we conduct ourselves on line? What tools will we need to safeguard our activities?
Example: Koobface Propagates via Social Networks
Koobface is a classic example of malware that used social networks, such as Facebook and Twitter, to propagate. When a person's system was infected with Koobface, the worm accessed the user's social networking account and sent a message to the victim's friends or followers with a link. When someone clicked the link, the person was directed to a website that attempts to infect the visitor with Koobface.
Koobface authors employed creative techniques to social-engineer people into clicking the link and to bypass security measures. For instance, Websense documented how Koobface sometimes shared a purposefully broken link to avoid Facebook's URL filters. In this scenario the attacker expected that the victim's desire to visit the destination will lead him to manually fix the link and paste the URL directly in the browser.
People Won't Stop Clicking on Links
Malware spreads with ease on social networks, because people frequently use them for sharing links to websites, articles, videos and stories that they like. Since the links are seen as being distributed by a friend, many people click on them.
We used to advise caution when opening email attachments. That wasn't very helpful advice, because people exchange email with strangers quite often. Moreover, attackers began sending malicious attachments from email accounts familiar to the recipient.
Similarly, people will continue clicking on links shared on social networking sites, even as people become increasingly aware of the risks. It's in our nature to be curious. Perhaps if Descartes were alive today, he might proclaim: Clicco ergo sum!
Securing Clicks on Social Networking Sites
Much like we've developed sophisticated tools for dealing with unwanted email messages, we will need better tools for sifting through links exchanged on social networks. These tools might:
- Flag anomalies in the frequency, time and characteristics of the links shared by our friends.
- Assess the social network reputation of the person sharing the link.
- Examine the destination of the link for malicious code.
- Look up the link in the list of known good or bad links.
- Identify web pages that attempt to mimic the look of a legitimate social networking site
Social networking sites are performing a level review of the links shared by the users, and probably incorporate some of these elements. In addition, users can install local link-validation tools, such as SiteAdvisor. Anti-virus companies are also starting to experiment with social networking apps for safeguarding their users activities, such as BitDefender Safego.
However, these security efforts are still relatively early in their development cycles. The issues associated with links distributed through social networks will probably get worse before getting better. Those looking for an idea for a security start-up might find an opportunity in this space.
This note is part of a 4-post series that reflects upon malware-related activities on on-line social networks and considers their implications. Other posts are:
- When Bots Control Content on Social Networking Sites
- When Bots Chat With Social Network Participants
- When Bots Use Social Media for Command and Control