Facebook offers peek at incoming malware attacks

Facebook offers peek at incoming malware attacks

Summary: The malware gang behind the Koobface malware attacks on social networks raked in about $35,000 a week ($1.8 million a year) in 2009, according to Facebook security researcher Nick Bilogorskiy.

SHARE:

VANCOUVER -- The malware gang behind the Koobface malware attacks on social networks raked in about $35,000 a week ($1.8 million a year) in 2009, according to Facebook security researcher Nick Bilogorskiy.

During a keynote address at the Virus Bulletin 2010 conference here, Bilogorskiy said the Koobface gang controls a massive botnet that's "in a perpetual state of development" and combines clever social engineering -- and technological -- techniques to make money from the sale of fake security software (scareware).

Bilogorskiy offered a peek into some of the malicious activity squirming through the world's most popular social network, stressing that the company has set up a dedicated security response team to monitor and block incoming malware attacks.

While the activity of the Koobface gang dominated his presentation, Bilogorskiy said Facebook is a target of many different threats -- from rogue apps to clickjacking to Nigerian 419 advance fee scams.follow Ryan Naraine on twitter

"Most things that deliver value have risks.  Those risks need to be managed, not avoided," Bilogorskiy said.

He said a dedicated team of Facebook staffers look for malicious apps but acknowledged that some slip through the cracks.

Bilogorskiy said the emergence of Nigerian (advance fee) fraud on Facebook was a turning point that proved that scammers were quickly adapting to find new victims.  He said the Nigerian scammers were stealing Facebook accounts and using the site's live chat utility to chat with the victim's friends and ask for money transfers.

"They're usually stuck in London.  Lost their phone. Lost their wallet.  It's human versus human.  Users get too jaded to be fooled so the scammers adapt. It's all about good social engineering," he added.

"These [Nigerian/419] are one of the top threats facing us.  We spend significant resources dealing with it."

Bilogorskiy said Facebook's security team is investing in several counter-measures to identify and block malicious threat, noting that these defenses are "invisible" to end users.  "You only see a very small percentage of the attacks that are attempted on Facebook users," he added.

The company has a global moderation team (in the USA and Dublin, Ireland) that's monitoring user feedback on security and is experimenting with new ideas to fight phishing attacks that hijack Facebook usernames and passwords.

For example, Facebook can spot logins from suspicious places and ask for additional information before the login in permitted.  "We'll confirm your identity via cell phone and allow you to review recent logins and reset your passwords," he explained.

The company is also testing a "social authentication" feature that displays photographs of friends and asks the user to identify the persons tagged in the photographs.  "It's not perfect but we're still testing and tweaking to improve effectiveness," Bilogorskiy said.

Also read this article by Paul Roberts, who interviewed Bilogorskiy after his Virus Bulletin presentation.

Topics: Malware, Apps, Security, United Kingdom

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • Perhaps the worst choice Zuckerberg made...

    ...writing Facebook in PHP.
    Security issues abound.
    Dietrich T. Schmitz, ~ Your Linux Advocate
    • RE: Facebook offers peek at incoming malware attacks

      @Dietrich T. Schmitz, Your Linux Advocate Zuckerberg is a freaking billionaire now and probably playing Xbox and not caring one bit about it anymore. I wouldn't.
      cyberslammer
      • RE: Facebook offers peek at incoming malware attacks

        @cyberslammer
        Of course you missed the point. He specifically said; [i]"writing Facebook in PHP"[/i], not whether Facebook should be around or not.
        ahh so
    • RE: Facebook offers peek at incoming malware attacks

      @Dietrich T. Schmitz, Your Linux Advocate - as you sit in your little Northeast hut having bread and water waiting for the next "contract"...Zuckerberg, albeit a little Loony is a billionaire. So who made the worse choice? I don't think it was Zuckerberg
      ItsTheBottomLine
    • RE: Facebook offers peek at incoming malware attacks

      @Dietrich T. Schmitz, Your Linux Advocate
      Interesting coming from a Linux advocate. What would have been better, ASP or Java? Or something else?
      Social engineering attacks have nothing to do with the backend code. I'm not aware of any exploits on the platform itself; in the end, that comes down to the skill of the coders irrespective of the languages used.
      msandersen
  • And people think college is expensive...

    try ignorance... It would seem even a basic internet education or college education would thwart most of these efforts to scam.<br><br>Or better yet, just don't signup for garbage like Facebook. Social networking sites serve mainly to disseminate personal information to the world and regardless of actual intent this is what ends up happening at some point.
    ryanstrassburg