« Defcon TCP/IP Drinking Game | Main | Dispatches from Blackhat/Defcon: PayPal Token »

Dispatches from Blackhat/Defcon: Facebook/MySpace "Worm"

I have been at BlackHat/DefCon since Tuesday, and I have been slightly out of the loop on some recent security events. Coincident with the presentations on social network security and new XSS attacks against MySpace, reports of a worm hitting MySpace and Facebook started trickling in via SMS messages from our team back at the office. My initial concern was that this was a full-blown Samy-style worm hitting both social network sites, and some of my comments were oriented towards this threat.

It turns out that the MySpace/Facebook worm was less a worm and more a standard malware-push technique. Rather than having malware infect a system to send spam to other users that enticed them to install the same malware, the authors had the malware hijack MySpace and Facebook profiles on login by the user, spamming their friends with a malware download pitch. Basically this ends up being a hybrid worm, that requires more than just pure browser support, like XSS and CSRF attacks, to propagate. Good show, spammers.

The interesting part of this incident is that attackers, the media, end users, and vendors are focusing on this as a social networking story and not a desktop malware story, when it is equal parts of both. It is further evidence to me that desktops are being considered by home users to be nothing more than browser containers, with their activities being almost completely focused around a handful of major (social) web properties.

Comments (1)

I've come to the same conclusion. Most home computer systems now are nothing more than gaming systems and/or browsers.

Oh, and "K & I"'s stuff does actually work ;) At least for the moment anyway.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

About

This page contains a single entry from the blog posted on August 9, 2008 6:15 PM.

The previous post in this blog was Defcon TCP/IP Drinking Game.

The next post in this blog is Dispatches from Blackhat/Defcon: PayPal Token.

Many more can be found on the main index page or by looking through the archives.

Powered by
Movable Type 3.33