SlideShare a Scribd company logo

Today’s hidden dangers: Social networks under attack

Stefan Tanase
Stefan Tanase

A timeline of security incidents on social networks in 2009.

TechnologyHealth & Medicine
1 of 18
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Today’s hidden dangers: Social networks under attack Ștefan Tănase Senior Regional Researcher Kaspersky Lab EEMEA Webstock 2009 – Bucharest, Romania - 18 September 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • Do you believe in superstitions? I don’t. • 911 - emergency phone number • Today: • 18 September 2009, 18.09.2009, 18.09.09, 18.9.9 • 1 + 8 = 9 • Today’s presentation: • 11 security incidents that changed the social networking world in 2009. 11 and 09. • Social networks: 911 Overview 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) LinkedIn – just a starter 18 September 2009 Webstock 2009 • Massive malware campaign starts targeting LinkedIn • Why LinkedIn? Beacause it worked! • Blackhat SEO • By googling for “Jessica Alba naked” or “Keri Russell nude” the user would find the malicious profiles indexed • Top 5 in SERPS • January 2009 - Bogus LinkedIn profiles serving malware
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • February 2009 – First commercial Twitter spamming tool • Tweettornado.com - “fully automated advertising software for Twitter” • Was empowering phishers, spammers, malware authors and everyone with the ability to generate unlimited Twitter accounts • Features: add unlimited number of followers, automatically update all accounts through proxy servers with identical messages Twitter spam gets automated 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • April 2009 – Twitter gets hit by XSS worm • Multiple variants of the worm were identified • Thousands of spam messages containing the word "Mikeyy“ filled the timeline • Proof of concept – no malicious intent • Author got a job at a web security company Comeback of the XSS worm 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Comeback of the XSS worm 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Social engineering at its best 18 September 2009 Webstock 2009 • Public information posted to social networks by twitter admin • Used by French hacker in social engineering attack • To answer Yahoo! Mail security question and reset the password • “Wow - my Yahoo mail account was just hacked.“ • “If anyone with Yahoo! Security is out there, hit me up with an reply“ • April 2009 – Twitter admin panel gets hacked
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • May 2009 – Harvesting email addresses in real time • Why search for emails when you can get fresh ones in real time? • http://search.twitter.com/ is the answer! • Simple, but effective search queries: • “email me at” + “yahoo.com” • “contact me at” + “gmail.com” • Personalized attacks start happening What are you doing? Harvesting. 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Trendy malware 18 September 2009 Webstock 2009 • June 2009 – Trending topics start being exploited
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Short URLs, big problems 18 September 2009 Webstock 2009 • The best things about short URLs • There are so many! • Problems with short URLs: • Social engineering is easy • Questionable reliability • Implicit trust • Cli.gs gets hacked, no malicious intent – but what if? • Too many redirects hosted in the same place is not good news • June 2009 – URL shortening service Cli.gs gets hacked
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • June 2009 – Guy Kawasaki's Twitter account hijacked • Of course, it was used to push malware. • Both Windows and Mac malware. • 140,000 Twitter users were potential victims. • The hook? “sex tape video free download” Follow me! Me me me! 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) The web 2.0 worm 18 September 2009 Webstock 2009 • June 2009 – Explosive growth of Koobface modifications • The number of variants detected jumped from 324 at the end of May to almost 1000 by the end of June 2009 • This sign of increased cybercriminal activity involving social networks in the past months proves that the strategies being used by the bad guys to infect users are much more efficient when adding the social context to the attacks
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) The web 2.0 worm 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Koobface on the tweet 18 September 2009 Webstock 2009 • June 2009 – Koobface spreading through Twitter also • First discovered one year ago by Kaspersky Lab, Koobface was only targeting Facebook and MySpace users • Being constantly “improved”, now spreading through more social networks: Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and most recently… Twitter
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) One bird and two stones 18 September 2009 Webstock 2009 • August 2009 – Twitter knocked offline by DDoS attack • The morning of August 6th - Twitter gets hit for an extended period of time • Rumors they are facing a massive distributed denial-of-service attack • Twitter confirmed the outage in a brief status message • Service was restored gradually, first in the US, then the rest of the world • Problems with the API lasted several days
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) That’s it? 18 September 2009 Webstock 2009
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) What’s next? 18 September 2009 Webstock 2009 • It is just the beginning • Attack techniques exploiting social networks will continue to grow • Social networks will open up new ways for targeted attacks against individuals • It will be very hard for social networks to do better: their business means usability, not security • Be careful out there!
Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Thank you! stefant@kaspersky.ro twitter.com/stefant Ștefan Tănase Webstock 2009 - Bucharest, Romania - 18 September 2009 Senior Regional Researcher Kaspersky Lab EEMEA

Recommended

7 social engineering and insider threats
7 social engineering and insider threats 7 social engineering and insider threats
7 social engineering and insider threats mohamad Hamizi
 
2 cybersecurity best practices
2 cybersecurity best practices 2 cybersecurity best practices
2 cybersecurity best practices mohamad Hamizi
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010Costin Raiu
 
Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeStefan Tanase
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact globalCostin Raiu
 

Recommended

7 social engineering and insider threats
7 social engineering and insider threats 7 social engineering and insider threats
7 social engineering and insider threats mohamad Hamizi
 
2 cybersecurity best practices
2 cybersecurity best practices 2 cybersecurity best practices
2 cybersecurity best practices mohamad Hamizi
 
What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.What is Social Engineering? An illustrated presentation.
What is Social Engineering? An illustrated presentation.Pratum
 
Social engineering
Social engineering Social engineering
Social engineering Vîñàý Pãtêl
 
Social engineering presentation
Social engineering presentationSocial engineering presentation
Social engineering presentationpooja_doshi
 
Securing Africa - 2009-2010
Securing Africa - 2009-2010Securing Africa - 2009-2010
Securing Africa - 2009-2010Costin Raiu
 
Automated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeAutomated Targeted Attacks: The New Age of Cybercrime
Automated Targeted Attacks: The New Age of CybercrimeStefan Tanase
 
Inovatie locala, impact global
Inovatie locala, impact globalInovatie locala, impact global
Inovatie locala, impact globalCostin Raiu
 
Surviving Today's Targeted Attacks
Surviving Today's Targeted AttacksSurviving Today's Targeted Attacks
Surviving Today's Targeted AttacksStefan Tanase
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct roCostin Raiu
 
Opportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to CollaborateOpportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to CollaborateAnand Deshpande
 
Health Care Social Media Summit Keynote
Health Care Social Media Summit KeynoteHealth Care Social Media Summit Keynote
Health Care Social Media Summit KeynoteLee Aase
 
Top 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 PersonalizationTop 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 Personalizationchmingl
 
The Dark Arts of Hacking.
The Dark Arts of Hacking.The Dark Arts of Hacking.
The Dark Arts of Hacking.Sumutiu Marius
 
Mcetech 2009 - Open Social
Mcetech 2009 - Open SocialMcetech 2009 - Open Social
Mcetech 2009 - Open SocialClaude Coulombe
 
SCK Social Media 2009
SCK Social Media 2009SCK Social Media 2009
SCK Social Media 2009Stories Worth Retelling
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 

More Related Content

Similar to Today’s hidden dangers: Social networks under attack

Surviving Today's Targeted Attacks
Surviving Today's Targeted AttacksSurviving Today's Targeted Attacks
Surviving Today's Targeted AttacksStefan Tanase
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct roCostin Raiu
 
Opportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to CollaborateOpportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to CollaborateAnand Deshpande
 
Health Care Social Media Summit Keynote
Health Care Social Media Summit KeynoteHealth Care Social Media Summit Keynote
Health Care Social Media Summit KeynoteLee Aase
 
Top 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 PersonalizationTop 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 Personalizationchmingl
 
The Dark Arts of Hacking.
The Dark Arts of Hacking.The Dark Arts of Hacking.
The Dark Arts of Hacking.Sumutiu Marius
 
Mcetech 2009 - Open Social
Mcetech 2009 - Open SocialMcetech 2009 - Open Social
Mcetech 2009 - Open SocialClaude Coulombe
 

Similar to Today’s hidden dangers: Social networks under attack (8)

Surviving Today's Targeted Attacks
Surviving Today's Targeted AttacksSurviving Today's Targeted Attacks
Surviving Today's Targeted Attacks
 
Malware * punct ro
Malware * punct roMalware * punct ro
Malware * punct ro
 
Opportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to CollaborateOpportunities for IT and SLA Professionals to Collaborate
Opportunities for IT and SLA Professionals to Collaborate
 
Health Care Social Media Summit Keynote
Health Care Social Media Summit KeynoteHealth Care Social Media Summit Keynote
Health Care Social Media Summit Keynote
 
Top 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 PersonalizationTop 5 Web Trends Of 2009 Personalization
Top 5 Web Trends Of 2009 Personalization
 
The Dark Arts of Hacking.
The Dark Arts of Hacking.The Dark Arts of Hacking.
The Dark Arts of Hacking.
 
Mcetech 2009 - Open Social
Mcetech 2009 - Open SocialMcetech 2009 - Open Social
Mcetech 2009 - Open Social
 
SCK Social Media 2009
SCK Social Media 2009SCK Social Media 2009
SCK Social Media 2009
 

Recently uploaded

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 

Recently uploaded (20)

From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 

Today’s hidden dangers: Social networks under attack

  • 1. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Today’s hidden dangers: Social networks under attack Ștefan Tănase Senior Regional Researcher Kaspersky Lab EEMEA Webstock 2009 – Bucharest, Romania - 18 September 2009
  • 2. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • Do you believe in superstitions? I don’t. • 911 - emergency phone number • Today: • 18 September 2009, 18.09.2009, 18.09.09, 18.9.9 • 1 + 8 = 9 • Today’s presentation: • 11 security incidents that changed the social networking world in 2009. 11 and 09. • Social networks: 911 Overview 18 September 2009 Webstock 2009
  • 3. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) LinkedIn – just a starter 18 September 2009 Webstock 2009 • Massive malware campaign starts targeting LinkedIn • Why LinkedIn? Beacause it worked! • Blackhat SEO • By googling for “Jessica Alba naked” or “Keri Russell nude” the user would find the malicious profiles indexed • Top 5 in SERPS • January 2009 - Bogus LinkedIn profiles serving malware
  • 4. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • February 2009 – First commercial Twitter spamming tool • Tweettornado.com - “fully automated advertising software for Twitter” • Was empowering phishers, spammers, malware authors and everyone with the ability to generate unlimited Twitter accounts • Features: add unlimited number of followers, automatically update all accounts through proxy servers with identical messages Twitter spam gets automated 18 September 2009 Webstock 2009
  • 5. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • April 2009 – Twitter gets hit by XSS worm • Multiple variants of the worm were identified • Thousands of spam messages containing the word "Mikeyy“ filled the timeline • Proof of concept – no malicious intent • Author got a job at a web security company Comeback of the XSS worm 18 September 2009 Webstock 2009
  • 6. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Comeback of the XSS worm 18 September 2009 Webstock 2009
  • 7. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Social engineering at its best 18 September 2009 Webstock 2009 • Public information posted to social networks by twitter admin • Used by French hacker in social engineering attack • To answer Yahoo! Mail security question and reset the password • “Wow - my Yahoo mail account was just hacked.“ • “If anyone with Yahoo! Security is out there, hit me up with an reply“ • April 2009 – Twitter admin panel gets hacked
  • 8. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • May 2009 – Harvesting email addresses in real time • Why search for emails when you can get fresh ones in real time? • http://search.twitter.com/ is the answer! • Simple, but effective search queries: • “email me at” + “yahoo.com” • “contact me at” + “gmail.com” • Personalized attacks start happening What are you doing? Harvesting. 18 September 2009 Webstock 2009
  • 9. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Trendy malware 18 September 2009 Webstock 2009 • June 2009 – Trending topics start being exploited
  • 10. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Short URLs, big problems 18 September 2009 Webstock 2009 • The best things about short URLs • There are so many! • Problems with short URLs: • Social engineering is easy • Questionable reliability • Implicit trust • Cli.gs gets hacked, no malicious intent – but what if? • Too many redirects hosted in the same place is not good news • June 2009 – URL shortening service Cli.gs gets hacked
  • 11. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) • June 2009 – Guy Kawasaki's Twitter account hijacked • Of course, it was used to push malware. • Both Windows and Mac malware. • 140,000 Twitter users were potential victims. • The hook? “sex tape video free download” Follow me! Me me me! 18 September 2009 Webstock 2009
  • 12. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) The web 2.0 worm 18 September 2009 Webstock 2009 • June 2009 – Explosive growth of Koobface modifications • The number of variants detected jumped from 324 at the end of May to almost 1000 by the end of June 2009 • This sign of increased cybercriminal activity involving social networks in the past months proves that the strategies being used by the bad guys to infect users are much more efficient when adding the social context to the attacks
  • 13. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) The web 2.0 worm 18 September 2009 Webstock 2009
  • 14. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Koobface on the tweet 18 September 2009 Webstock 2009 • June 2009 – Koobface spreading through Twitter also • First discovered one year ago by Kaspersky Lab, Koobface was only targeting Facebook and MySpace users • Being constantly “improved”, now spreading through more social networks: Facebook, MySpace, Hi5, Bebo, Tagged, Netlog and most recently… Twitter
  • 15. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) One bird and two stones 18 September 2009 Webstock 2009 • August 2009 – Twitter knocked offline by DDoS attack • The morning of August 6th - Twitter gets hit for an extended period of time • Rumors they are facing a massive distributed denial-of-service attack • Twitter confirmed the outage in a brief status message • Service was restored gradually, first in the US, then the rest of the world • Problems with the API lasted several days
  • 16. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) That’s it? 18 September 2009 Webstock 2009
  • 17. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) What’s next? 18 September 2009 Webstock 2009 • It is just the beginning • Attack techniques exploiting social networks will continue to grow • Social networks will open up new ways for targeted attacks against individuals • It will be very hard for social networks to do better: their business means usability, not security • Be careful out there!
  • 18. Click to edit Master title style • Click to edit Master text styles – Second level • Third level – Fourth level » Fifth level June 10th, 2009 Event details (title, place) Thank you! stefant@kaspersky.ro twitter.com/stefant Ștefan Tănase Webstock 2009 - Bucharest, Romania - 18 September 2009 Senior Regional Researcher Kaspersky Lab EEMEA

Editor's Notes

  1. Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a “fully automated advertising software for Twitter” hit the market,  potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service. TweetTornado allows users to create unlimited Twitter accounts, add unlimited number of followers, which combined with its ability to automatically update all of bogus accounts through proxy servers with an identical message make it the perfect Twitter spam tool. TweetTornado’s core functionality relies on a simple flaw in Twitter’s new user registration process. Tackling it will not render the tool’s functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn’t require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter. So starting from the basics of requiring a validation by clicking on a link which will only be possible if a valid email is provided could really make an impact in this case, since it its current form the Twitter registration process can be so massively abused that I’m surprised it hasn’t happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate email could be banned from further registrations, potentially emptying the inventory of bogus emails, and most importantly making it more time consuming for spammers to abuse Twitter in general. If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I “wonder” why is the originally blurred by the author Twitter account used in the proof (twitter.com/AarensAbritta) currently suspended, the way the rest of the automatically registered ones are? Pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicate that a spammer’s tweeting.
  2. A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results. This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywordsand using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.  Go through related coverage of previous malware campaigns abusing legitimate services - (Spammers targeting Bebo, generate thousands of bogus accounts; Malware and spam attacks exploiting Picasa and ImageShack) Upon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currentlydetected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.
  3. Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a “fully automated advertising software for Twitter” hit the market,  potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service. TweetTornado allows users to create unlimited Twitter accounts, add unlimited number of followers, which combined with its ability to automatically update all of bogus accounts through proxy servers with an identical message make it the perfect Twitter spam tool. TweetTornado’s core functionality relies on a simple flaw in Twitter’s new user registration process. Tackling it will not render the tool’s functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn’t require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter. So starting from the basics of requiring a validation by clicking on a link which will only be possible if a valid email is provided could really make an impact in this case, since it its current form the Twitter registration process can be so massively abused that I’m surprised it hasn’t happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate email could be banned from further registrations, potentially emptying the inventory of bogus emails, and most importantly making it more time consuming for spammers to abuse Twitter in general. If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I “wonder” why is the originally blurred by the author Twitter account used in the proof (twitter.com/AarensAbritta) currently suspended, the way the rest of the automatically registered ones are? Pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicate that a spammer’s tweeting.
  4. A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results. This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywordsand using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.  Go through related coverage of previous malware campaigns abusing legitimate services - (Spammers targeting Bebo, generate thousands of bogus accounts; Malware and spam attacks exploiting Picasa and ImageShack) Upon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currentlydetected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.
  5. A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results. This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywordsand using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.  Go through related coverage of previous malware campaigns abusing legitimate services - (Spammers targeting Bebo, generate thousands of bogus accounts; Malware and spam attacks exploiting Picasa and ImageShack) Upon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currentlydetected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.
  6. A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results. This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywordsand using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.  Go through related coverage of previous malware campaigns abusing legitimate services - (Spammers targeting Bebo, generate thousands of bogus accounts; Malware and spam attacks exploiting Picasa and ImageShack) Upon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currentlydetected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.
  7. A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results. This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywordsand using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.  Go through related coverage of previous malware campaigns abusing legitimate services - (Spammers targeting Bebo, generate thousands of bogus accounts; Malware and spam attacks exploiting Picasa and ImageShack) Upon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currentlydetected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.