Main » 2011 » Март » 16 » Social networks as a platform for creating a botnet
12:35
Social networks as a platform for creating a botnet

Introduction


It's no secret that social networks have long been an attractive platform for various kinds of cyber crimes such as spamming, phishing, pharming and other accounts. The reason lies in a number of properties possessed by all social networks and that can be used by hackers for their own purposes. These properties are primarily:
  • A huge user base
  • Appearance bonds of trust both between users and between user groups
  • highly distributed user base, geographical and temporal parameters
  • Computer illiterate users of social Network

People familiar with information security is not necessary to explain that when a combination of methods of technical and social engineering, these properties allow to achieve the desired result in a short time with minimum expenditure of effort.

The Legitimate Vulnerability


At the moment, providing an API for creating third-party applications for social networking has become virtually a de facto standard. In most cases, it is assumed that an application created by using the API data will not be harmful, and certainly because of the huge number of applications generated by checking each of them seems an impossible task. Accordingly, your application added to the base of a social network without proper verification of the fact whether they are malicious software.
The situation also exacerbate the previously mentioned relation of trust and above all the credibility of the social network. Despite the fact that the administration strongly suggests that these applications are the product of third-party software, most users do not pay attention to it, preferring to trust any application by default.
As a result - attackers have the ability to add and distribute malicious software tools provided by most social network.

Wormhole


largest social network Facebook is regularly attacked by worms. In everyday life, even entered a special term - rogue app. Using completely legitimate means afforded FaceBook API, worms spread by sending messages to friends of the infected account. Of course the main purpose is to spread these worms or other malicious software that infects a user's machine, respectively, creating a botnet.
Subject to such attacks and domestic network VKontakte. In this case occurred, and direct attacks on a user's machine using a vulnerability in Flash technology.
I will not delve into the topic more such attacks, since most of them are already covered by Habre.

So where is my botnet, or the first robin


Apparently the idea of ??using social networks to organize a botnet is as old as themselves API. In this article I would like to draw attention to a relatively new method. This year a group of Greek researchers created a proof of concept application for Facebook, which unbeknownst to users to DDOS attack on a given target (server controlled by the researchers).
The application itself was a "Picture of the Day", which is loaded into the user profile image from the server National Geographic. In parallel with this downloading executable client code to Javascript, which loaded the file from the attacked server in a hidden iframe.
In fact, the botnet was created by elementary, who scored a channel target server. Has been demonstrated by the ability to create a distributed botnet on the line, fulfilling the legitimate code in a user's browser application.
Interested in developing this theme, I went to Google to search for evidence of real attacks using similar methods. In the public domain I can not find much information on the topic. I found only one mention in the blog application developer to FaceBook, which is also incidentally is quite interesting in itself. In this case, one application produces an attack on another by sending requests to the target application in an endless loop. According to the author attacked application, it took him a few days in which to determine the nature of the attack (due to the fact that the application is masked, replacing the referrer), and the problem itself decided to ban the connection of other applications.

Conclusions


In the form in which they are available now, API social networks can be used as a platform for various types of attacks. Certainly the most simple and effective application - it's DDOS attack.
I have seen three main points that make this an attractive method for creating a botnet to attackers:
  • Ease of writing. Rather elementary yavaskrit code (hello skriptkiddi).
  • Ease of distribution. Within a few days you can get a botnet of several thousand users
  • highly distributed attacks that complicate its lock

Of course there are several downsides:
  • The difficulty of controlling the botnet, a limited number of action
  • For high efficiency should be achieved a certain threshold of simultaneous use of applications
  • Using the majority of applications is limited only a few minutes, thus minimizing the effectiveness of the attack
  • The relative simplicity of protection

Having spent some effort, attackers can overcome these disadvantages, increasing the efficiency of attack and complicating its detection / lockout. Just want to add that in addition to DDOS attacks, a number of other malicious actions that can be performed on the basis of such a botnet.

As a postscript, I note that this method can be used to advantage. There are already proof of concept application on Javascript to run distributed computing. Time will tell in what direction will develop and whether it will do.
Views: 480 | Added by: w1zard | Rating: 0.0/0
Total comments: 0
Имя *:
Email *:
Код *: