RSA, the premier provider of security solutions for organizations, has just published a blog post (http://rsa.com/blog/blog_entry.aspx?id=1684). An extract from the post warrants reproducing here.
RSA has tracked the operation of a banking Trojan that is a custom variant of a large malware family. Any website that lets users upload content and then publish it can be exploited to store a Trojan's encrypted configuration. This includes almost any Web 2.0 platform that enables unrestricted posting of comments, creation of public profiles or the setting up of newsgroups. This is how it works:
1. The cybercriminal sets up a bogus profile, such as “Ana Maria”.
2. An encrypted malware string (the Trojan's configuration) is encoded as text and then posted to the bogus profile.
3. Malware already present on a customer's machine fetches the profile page and searches for a marker string, which signals the beginning of the encrypted content.
4. The malware then decrypts and acts on what it retrieved. If it is a Trojan or a bot, it can proceed to attack the customer's computer or to propagate further.
Using social media as a conveyor for malware has several advantages for the attacker:
1. Cybercriminals need not buy and maintain a domain name through which they could be traced. Public websites such as YouTube, Facebook, MySpace and Twitter, from which the attacks are launched, will sign up anybody.
2. Cybercriminals need not pay for or maintain a dedicated server, which could be used to trace the source. For instance, malware of Russian or Chinese origin becomes much harder to trace, because from the victim's end all traffic appears to originate in California, where those sites are hosted; only the platform's own account records point back to the poster.
3. As soon as a suspected profile or account is removed, a new one can be set up quickly.
From the cybercriminal's point of view, the exploitation of public social media is not difficult. Detecting malware hosted on public websites is not feasible merely by scanning suspicious URLs for viruses: the hosted item is an encrypted blob of text rather than an executable, and the URL belongs to a legitimate, widely trusted domain. Countering attacks from public sources will require more sophisticated detection means. Unless a social media site is specifically protected against such incursions, the chances are that the cybercriminals will succeed.
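As an added worked example (not code from the RSA post or from this page's author), the four-step procedure above and the detection problem raised in the last paragraph, in Python: the attacker side encrypts a configuration and encodes it as a text comment on a constructed profile page, the Trojan side finds the marker string and recovers the configuration, and a defender-side heuristic flags the comment by looking for a long, high-entropy run of base64 characters in posted content rather than by scanning the URL. The marker string, the repeating-key XOR cipher, the key, the key=value configuration format, the sample page and the detection thresholds are all assumptions for this example; the real Trojan's values are not disclosed.

```python
import base64
import math
import re
from collections import Counter

# Everything below is constructed for this example. The marker, the XOR cipher,
# the key and the config format are assumptions: the RSA post does not disclose
# the real Trojan's marker, cipher or configuration layout.
MARKER = "ANAMARIA-CFG:"
KEY = bytes.fromhex("9f3ac17e5b2d48c6")


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR, a stand-in for whatever cipher the real Trojan uses."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def encode_config(config_text: str) -> str:
    """Attacker side (steps 1-2): encrypt the config and encode it as plain text
    so that it survives being posted as a comment on the bogus profile."""
    return MARKER + base64.b64encode(xor_bytes(config_text.encode(), KEY)).decode()


def find_payloads(page_html: str, marker: str = MARKER) -> list[str]:
    """Trojan side (step 3): search the fetched page for the marker and return
    every base64 blob that directly follows it."""
    return re.findall(re.escape(marker) + r"([A-Za-z0-9+/]+=*)", page_html)


def decode_config(blob: str) -> dict[str, str]:
    """Step 4: decrypt the blob and parse its key=value lines into a dict."""
    text = xor_bytes(base64.b64decode(blob), KEY).decode()
    return dict(line.split("=", 1) for line in text.splitlines() if "=" in line)


# Constructed sample: the config the operator wants to deliver, and a bogus
# profile page carrying one innocent comment and one comment holding the blob.
SAMPLE_CONFIG = (
    "targets=bank.example,creditunion.example\n"
    "drop=http://203.0.113.5/gate\n"
    "version=3\n"
)


def build_sample_page() -> str:
    return (
        "<html><body><h1>Ana Maria</h1>\n"
        '<div class="comment">Hi Ana, lovely photos from the trip!</div>\n'
        f'<div class="comment">{encode_config(SAMPLE_CONFIG)}</div>\n'
        "</body></html>"
    )


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's empirical symbol distribution."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def flag_suspicious_comments(page_html: str, min_len: int = 40,
                             min_entropy: float = 4.0) -> list[str]:
    """Defender side: a URL scan sees only an ordinary profile page, so inspect
    the posted content instead and flag comments containing a long, high-entropy
    run of base64-alphabet characters. Both thresholds are assumptions."""
    comments = re.findall(r'<div class="comment">(.*?)</div>', page_html, re.S)
    flagged = []
    for comment in comments:
        runs = re.findall(r"[A-Za-z0-9+/=]{%d,}" % min_len, comment)
        if any(shannon_entropy(run) >= min_entropy for run in runs):
            flagged.append(comment)
    return flagged


if __name__ == "__main__":
    page = build_sample_page()
    blobs = find_payloads(page)
    print("recovered config:", decode_config(blobs[0]))
    print("flagged comments:", len(flag_suspicious_comments(page)))
```

Run it directly to print the recovered configuration and the number of flagged comments. The detection half illustrates the last paragraph's point: an antivirus or URL-reputation check of the profile page has nothing to match against, whereas a content heuristic applied to what users post does. The obvious caveat for a real platform is the false-positive rate, since legitimate base64 (embedded images, tokens, signatures) looks the same to an entropy threshold; in practice the marker-plus-blob pattern would be combined with account age, posting behaviour and cross-account reuse of identical blobs.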