Free Newsletter
Register for our Free Newsletters
Zones
Access Control
Alarms
Biometrics
Detection
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
Surveillance
View All
Other Carouselweb publications
 
 
 
 
 
 
 
 
News

Social networking and greynet threats to increase in 2008.

FaceTime Communications : 11 January, 2008  (Technical Article)
FaceTime Communications reviews 2007 in terms of threats resulting from Web 2.0, social networking and greynets and predicts their growth in 2008.
FaceTime Communications has announced its initial findings of 2007 malware trends affecting today's enterprise networks through instant messaging (IM), P2P file sharing and chat applications. During 2007 there were 1,088 incidents reported over all IM, P2P, and chat vectors.

Within the IM category, 19 percent of threats were reported on the AOL Instant Messenger network, 45 percent on MSN Messenger, 20 percent on Yahoo! Instant Messenger and 15 percent on all other IM networks including Jabber-based IM private networks. Attacks on these private networks have more than doubled in share since 2003, rising from seven percent of all IM attacks to 15 percent in 2007.

In 2007 researchers saw a shift in the non-IM vectors used to distribute viruses, malware and spyware. Most notable is the rise in IRC-distributed attacks: in 2006, IRC accounted for 58 percent of attacks, rising to 72 percent by year-end 2007.

"Threats over IM and P2P networks are occurring at an average rate of just over five unique incidents per day," said Frank Cabri, vice president of marketing and product management for FaceTime. "Additionally, social networking sites are increasing in popularity resulting in a corresponding increase in malicious activity targeted at users of these sites."

During 2007, FaceTime researchers noted an increasing use of social engineering to propagate threats across IM networks and Skype, as well as over social networking sites such as MySpace.

Hackers often use social engineering - manipulation with contextual language to trick victims into clicking on links that launch infected files - to propagate malware over IM networks as well as within social networking sites. The files may take the form of multimedia (jpegs or movie files) or traditional executable files. This ranges from an IM appearing to be from a trusted buddy to fake MySpace comments, messages or friend requests.

For example, in September 2007 a virus propagated through MSN Messenger delivering a .zip file full of malicious code. Victims received messages appearing to be from those on their buddy lists saying 'Do you remember this girl? I can't believe she took this pic… do you know her?"

In November 2007, a Skype Worm propagated via a message stating "help me find this girl," accompanied by an executable file named "photo," which deposited a large number of infected files on the victim's computer.


According to FaceTime Security Labs, the increasing threat over this past year has been the boldness of a growing underclass of glory hackers on social networking sites such as MySpace. The danger to corporate networks lies within the growing tendency for workers to blur their work and professional lives, often surfing these social networking sites on their work PCs and so exposing the organization to information loss, inbound malware threats and compliance risks.

In November 2007, The Bandjammer Trojan ran rampant through MySpace music profiles. Once a band's MySpace page had been hacked, an invisible background image was created that linked to a dangerous site. Visitors to the hacked profile had their browsers hijacked, with the Trojan installing fake toolbars warning of a possible spyware infection, which included a handy link to click for a free scan which in turn took victims directly to various porn sites.

In the height of the holiday season, many MySpace users received a friend request from a "fake Tom," with the promise of free ring tones. The messages appeared to be from Tom Anderson, president and co-founder of MySpace, who users meet as their first friend when signing up for a MySpace profile. MySpace quickly deleted the fake profiles, but hackers quickly regrouped with new fake profiles sporting Tom's famous profile photo associated with random first names.

For knowledge workers, it is as common to do work at home as it is to conduct personal tasks while at work. According to the recent survey Greynets in the Enterprise: Third Annual Survey of Greynet Trends, Attitudes and Impact, commissioned by FaceTime and conducted by NewDiligence, 85 percent of end users use their work PCs for personal purposes. Users describe looking at interesting sites on the Web (74 percent), banking (60 percent) and shopping (60 percent) as their top online personal activities at work, outside of sending email.

"Many hacks and scams are creeping into the mainstream areas of MySpace and other social networking sites, as the perpetrators become bolder and more aggressive," reports FaceTime's Director of Malware Research Chris Boyd. "The most horrendous content imaginable is now easily stumbled upon via simple redirects and blog hijacks. The myth that you have to 'go looking for it' has never seemed further from the truth."

Boyd saw an aggressive shift in the hacker behavior over the past year, with a growing underclass of young hackers who don't care about revealing their real identity. "Children as young as 12 years old are sharing professional phishing kits and trading stolen credit card details," said Boyd.

"MySpace and other social networking sites will continue to be the most popular target for hackers, phishers and spammers in 2008 as long as they continue to offer the same level of profile customization to their users," continued Boyd. "It's never a good idea to promote functionality over security, but there's no way MySpace can suddenly change how their site works, causing their users to lose interest in the very things that brought them there in the first place."


According to the GreynetsGuide Web site managed by FaceTime Security Labs, there are more than 600 Greynets currently in use worldwide. The list includes commonly downloaded applications such as IM and Web conferencing, along with newer plug in-type applications like search engine tool bars and online social networking sites, multimedia distribution portals, IPTV, and Web 2.0 applications. FaceTime expects this number to grow to more than 1,000 by the end of 2008.

The concern over Greynets in the enterprise stems from their inherent characteristics: these real-time applications are evasive and always on, and many are structured with a liberal allowance for user customization. These attractive aspects of Greynets are the same characteristics that classify them as high security and compliance risks. The nature of these Greynets compounds the risks of inbound malware, outbound information leakage and require continual revisiting of network usage and compliance policies.

The uncontrolled use of Greynets on enterprise networks has grown significantly over the past year. Most organizations cite between eight and ten Greynets operating in their networks, according to the Greynets in the Enterprise survey. This high level of employee usage has increased from 20 percent in 2005 to 41 percent in 2006 to 56 percent in 2007. Employees continue to believe they have the right to download any application they need onto their work PCs (36 percent).

"While many greynet applications have legitimate business uses, there are also many that do not," said Cabri. "Most organizations are not willing to accept the security and compliance exposure resulting from the uncontrolled use of these applications. IT managers need to ensure the safe use of approved applications and effectively detect and block the rogue use of unapproved applications."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com