NB Productions  Your guide on the Web since 2000
Attackers Moving to Social Networks For Command and Control
Social Networking

Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations.

New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded.

The attack is as simple as it is effective. It begins with the crimeware gang setting up one or more fake profiles on a given social network (RSA isn't naming the network on which it saw this specific attack). The attacker then posts a specific set of encrypted commands to the profile. When a new machine is infected with the banker Trojan, the malware then goes out and checks the profile for new commands. The specific command in this case begins with a string of random characters that serves as an authentication mechanism of sorts, letting the Trojan know it's found the right commands.

The rest of the encrypted string is a set of hard-coded instructions telling the Trojan what to do next, whether it's to look for other machines on the network, search for saved data or log keystrokes when the user visits a specific online banking site.

This certainly is not the first example of this kind of activity on social networks. There have been botnets controlled via Twitter for at least a year now, and researchers have found a number of examples of Facebook profiles set up specifically for malicious activity. But this is one of the results of the success that researchers and law enforcement have had in recent years in shutting down the bulletproof hosting providers who have been harboring botnet C&C servers and Trojan drop zones for a long time.

"The most interesting thing is that it's part of a growing trend. These groups have had four main options for hosting if they want to put it in a resilient infrastructure," said Uri Rivner, head of new technologies--consumer identity protection at RSA, the security division of EMC. "You can build your own, and there are some that are very sophisticated with great disaster recovery, but that's expensive. You can go with bulletproof hosting, but that's getting harder. You can use cloud services, which we've seen some of lately. Or you can now use social networks. That's getting more popular because resilience is the key for some of these Trojans that can run for months or years. It's so important to them to find a good hosting environment."

The other thing that makes networks such as Twitter and Facebook attractive for bot herders and Trojan gangs is the ease with which they can set up new profiles. The profiles themselves essentially become disposable, because the attackers can code a list of dozens or hundreds of such profiles into the Trojan, and if one is discovered and taken offline, the malware moves on to the next one. It's also quite difficult for the operators of these sites to identify and block these profiles quickly enough, making them soft targets for the attackers.
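The fallback behaviour described above leaves a trace a defender can look for in web proxy logs: one client requesting several removed profiles in quick succession and then settling on a live one. The following is an added detection sketch, not code from RSA or the original article; the log format, the placeholder domain `social.example`, the thresholds, and the assumption that a removed profile returns HTTP 404 or 410 are all illustrative.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy log: epoch seconds, client IP, URL, HTTP status.
# "social.example" is a placeholder domain, not a real network.
SAMPLE_LOG = """\
1279561000 10.0.0.23 http://social.example/profile/xk3f9a 404
1279561002 10.0.0.23 http://social.example/profile/p0q8zz 404
1279561004 10.0.0.23 http://social.example/profile/m2v7tr 404
1279561006 10.0.0.23 http://social.example/profile/j5w1ye 200
1279561500 10.0.0.8 http://social.example/profile/carol 404
1279564606 10.0.0.23 http://social.example/profile/j5w1ye 200
"""

SOCIAL_HOSTS = {"social.example"}  # assumption: domains to watch
DEAD = {404, 410}   # statuses treated as "profile removed"
WINDOW = 60         # seconds within which the whole walk must occur
MIN_DEAD = 3        # removed profiles tried before reaching a live one


def parse(log):
    """Yield (ts, client, path, status) for requests to watched hosts."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, url, status = parts
        u = urlsplit(url)
        if u.hostname in SOCIAL_HOSTS:
            yield int(ts), client, u.path, int(status)


def find_profile_walks(log):
    """Return {client: [removed paths..., live path]} for each walk found."""
    by_client = defaultdict(list)
    for rec in sorted(parse(log)):
        by_client[rec[1]].append(rec)
    hits = {}
    for client, recs in by_client.items():
        dead = []  # (ts, path) of distinct removed profiles seen recently
        for ts, _, path, status in recs:
            dead = [(t, p) for t, p in dead if ts - t <= WINDOW and p != path]
            if status in DEAD:
                dead.append((ts, path))
            else:
                if len(dead) >= MIN_DEAD:
                    hits.setdefault(client, [p for _, p in dead] + [path])
                dead = []
    return hits
```

A hit is a lead for triage rather than proof of infection; the live profile path it reports is the one worth passing to the network operator for takedown.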

"The only downside for the attackers is if the companies start fighting back against it, but that's hard," Rivner said. "This is the easiest, the cheapest and most reliable infrastructure that I see  (VIA /threatpost.com)

Posted on Monday, July 19, 2010 @ 19:35:59 UTC by NB

