Pierluigi Paganini December 14, 2012

Social networks are platforms that have monopolized majority of user’s internet experience, the imperative is to “social”, and everybody share an incredible amount of personal information exposing its digital identity to serious risks.

An element of attraction for cyber criminals is the huge number of services, from gaming to payments, that are developing on these platforms that could be exploited to realize more or less complex fraud schemas.

Social media platforms are very attractive also for governments and intelligence agencies that are adopting them to conduct OSINT researches, cyber espionage and to influence public sentiment of particular thematic, also law enforcement are demonstrating a great interest on new social tools. Corps such as FBI are developing a new generation of tools to conduct its investigations, recently the U.S. Department of Justice announced the arrest of 10 individuals suspected to have created a botnet that infected more than 11 million of pc all over the world causing financial loss of  more than USD 850 millions.

The suspected are accused to have actively participated to the realization of one of the most profitable cybercrime in the modern history, they are from different countries and continents such as US, United Kingdom, Bosnia and Herzegovina, Croatia, Macedonia, New Zealand, Peru.

The story is dated 2008, when the dangerous botnet Butterfly, also known as Mariposa, was discovered after infected 12 million machines worldwide, in 2009 it was decapitated. As usual, the botnet was designed for different purposes, the criminals used , and also rented, illegal services such as spamming and phishing services, denial of service attacks, and sensible information. The bot agents were able to alter also user’s search results inside browser showing advertisements and pop-up ads, hijacking victims navigation.

The criminals used file-sharing and instant messaging platforms to spread the malicious code known as Yahos that stolen financial information from over 800,000 victims. The virus was active for years, it uses social networks and instant messaging platforms, such as AIM and Yahoo! Messenger, to send “infected links” to the victims that once link on it allow the downloading of botnet exploits.

FBI press release states:

“Facebook’s security team provided assistance to law enforcement throughout the investigation by helping to identify the root cause, the perpetrators, and those affected by the malware. Yahos targeted Facebook users from 2010 to October 2012, and security systems were able to detect affected accounts and provide tools to remove these threats.”

No news has been provided regarding the support of Facebook’s security team to law enforcement but it must be considered that it’s not first time that the experts are involved in investigation of this type.

Social network platforms are privileged targets for cybercrime that in a recent past have spread malware through the popular Facebook. Koobface virus is undoubtedly considered as the malware of social network because it was one of the first to use them as vehicle of infection.

Koobface unlike other malware propagated through social networking using an “active approach to its spread,” infecting each host and then propagate into the network, regardless of user awareness that in some cases deliberately share content with friends.

The most common infection method is through via fake content on compromised web site. It is sufficient to click on one of the links which Koobface has posted on this web site. Usually this links attract user proposing the download of cool video or applications, unfortunately behind this links is hidden an installer for the Koobface virus. The good news is that usually this type of malware are identified with little difficulty by leading antivirus on the market.

Early 2012 another virus has hit Facebook, it was named Ramnit and it has stolen usernames and passwords of more than 45,000 users mainly from France and the UK, according to a bulletin issued by security researchers at Seculert.

Anyway to prevent the spread of malicious agent it is fundamental that users adopt a proper behavior and use updated security defense systems as suggested by the FBI’s release.

Pierluigi Paganini