
Malware on Facebook

January 11th, 2009  |  by elisabeth  |  Published in Future of the Internet

—By Elisabeth Oppenheimer

If you use Facebook, you’ve probably seen some of the viruses that have been hitting site users. (That message from your aunt telling you to “click here to see paRiS Hilton!!1”—probably not actually from your aunt.) Initially, it was phishing scams—the user would click on a link, be taken to a site that looked just like Facebook’s login page, and unwittingly give her login information to the bad guys. A more serious problem is the “Koobface” virus. Users got messages from their friends inviting them to view videos, but were prompted to update their Flash player first. Clicking “update” installed malicious executable code that turned their machines into zombies. If the frantic threads I’ve been seeing on my newsfeed are any indication, it’s a pain to undo the damage. The McAfee security blog explains the motivation for the malware:

As for the motivations behind this Koobface variant, analysis shows that during infection a proxy server is installed to %ProgramFiles%\tinyproxy\tinyproxy.exe and a service named Security Accounts Manager (SamSs) is created to load the server at startup. This component listens on TCP port 9090 and proxies all HTTP traffic, in particular looking for traffic to Google, Yahoo, MSN, and Live.com for the purpose of hijacking search results. Search terms are directed to find-www.net. This enables ad hijacking and click fraud.
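
The host indicators in the McAfee passage above (the tinyproxy.exe path, the "Security Accounts Manager" service, the TCP 9090 listener) can be turned into a triage check; this is an added example, not code from McAfee or from this post. The inventory records and their field names are constructed for illustration, and the check relies on the fact that a clean Windows host already has a genuine SamSs service hosted by lsass.exe, so the service name alone is not a signal.

```python
import ntpath

# Indicators quoted in the McAfee passage above.
PROXY_IMAGE = r"\tinyproxy\tinyproxy.exe"
PROXY_PORT = 9090
SAMSS_DISPLAY = "security accounts manager"
# Known Windows behaviour: the genuine SamSs service is hosted by lsass.exe.
GENUINE_SAMSS_IMAGE = "lsass.exe"


def triage(services, listeners):
    """Return (finding, subject) tuples for one host's exported inventory."""
    findings = []
    for svc in services:
        path = svc["path"].strip().strip('"').lower()
        claims_samss = (svc["name"].lower() == "samss"
                        or svc["display"].lower() == SAMSS_DISPLAY)
        if path.endswith(PROXY_IMAGE):
            findings.append(("service-runs-tinyproxy", svc["name"]))
        elif claims_samss and ntpath.basename(path) != GENUINE_SAMSS_IMAGE:
            # The name alone proves nothing: clean hosts have a SamSs service too.
            findings.append(("samss-unexpected-image", svc["name"]))
    for sock in listeners:
        if sock["proto"] == "tcp" and sock["port"] == PROXY_PORT:
            proc = ntpath.basename(sock["image"]).lower()
            # 9090 is also used by legitimate software, so grade by owning process.
            tag = "tinyproxy-listener" if proc == "tinyproxy.exe" else "port-9090-review"
            findings.append((tag, proc))
    return findings


# Constructed sample inventories (field names are hypothetical, not a real export format).
CLEAN_SERVICES = [{"name": "SamSs", "display": "Security Accounts Manager",
                   "path": r"C:\Windows\system32\lsass.exe"}]
INFECTED_SERVICES = [{"name": "SamSs", "display": "Security Accounts Manager",
                      "path": r'"C:\Program Files\tinyproxy\tinyproxy.exe"'}]
INFECTED_LISTENERS = [
    {"proto": "tcp", "port": 9090, "image": r"C:\Program Files\tinyproxy\tinyproxy.exe"},
    {"proto": "tcp", "port": 445, "image": "System"},
]

if __name__ == "__main__":
    print(triage(CLEAN_SERVICES, []))
    print(triage(INFECTED_SERVICES, INFECTED_LISTENERS))
```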

It’s not hard to see why this malware is springing up. Facebook is huge and growing, and it holds all sorts of interesting data about its users. As the book predicts, developers of malware will follow users and money—if there’s something to exploit, there will be someone to exploit it. Moreover, social network users are lulled into a false sense of security because they know the people in their networks.

Facebook isn’t taking this lying down, of course. If you click on an outbound link—even a perfectly innocent one—you’ll get this stern warning:

[Image: Facebook’s outbound-link warning]

and I presume they’re immediately deleting accounts of anyone caught spamming, just as they immediately killed applications with security loopholes. Also, browsers helped: the initial bogus login sites had URLs ending in .access-login.com. When a user attempted to access one of those URLs, Firefox would display a “reported web forgery” banner. (The .access-login sites now appear to be gone.)

These measures will mostly combat the initial phishing scam, and once users internalize the fact that they should treat Facebook messages like any other email—potentially dangerous—viruses like Koobface may not spread as quickly. But malicious actors are creative, and Facebook is basically going to be in the position of playing whack-a-mole, trying to kill off new malware before it drives away too many users. (As noted, usage of Facebook is still climbing quickly, but spam and malware nonetheless will be a real threat if they get out of control. Similar problems hurt MySpace.)

What really interests me about this situation is whether Facebook will deploy advanced methods to combat advanced malware. In the book, Professor Zittrain suggests that malware is best combatted through community efforts rather than post hoc solutions like virus software (or the Facebook equivalent, a central authority trying to wipe out individual viruses). The hard thing about communal solutions is how to deploy them. The Internet doesn’t have a communal gathering place—people have to take the initiative to install something like Herdict. Perhaps the closest thing we have to a gathering place is Google, which is why Google’s partnership with StopBadware has been such an effective way to get owners of infected sites to clean up the sites. Facebook, on the other hand, does have the equivalent of bulletin boards that everyone sees. Everyone uses the same login page, sees the newsfeed, and can be made to click through the same warning when they exit the site.

Facebook can deploy these capabilities in a top-down manner, as they have with the warning on outward-bound links. That’s pretty effective. But Facebook could also build a tool like Herdict and display the results prominently next to every application offered. Or, instead of directing a user who clicks on a suspicious link to the Wikipedia page on phishing, Facebook could let that user chat directly with another user who is a security expert. (Would people volunteer to be security experts? Maybe—Wikipedia got written, after all. Or Facebook could bribe them—give them free “gifts” to pass on to their friends, let them put a gold star on their profile, whatever.) They could give users similar incentives to write programs that clean up the results of viruses, or delete comment spam en masse. In other words, Facebook could ask users to help anticipate and deal with the problems, and then provide a free, effective way to publicize and distribute those solutions.

Creative Commons BY-NC-SA Jonathan Zittrain unless otherwise noted.