Cyber crooks riding social-networking wave
A new hacking incident report warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter.
Hackers aren't just hunting for victims in the flocks of people at social networks; they're also using Twitter to command "botnet" armies of infected computers, according to Internet security specialists.
"Any website with a huge user following is now attracting the bad guys," said Ryan Barnett, director of application security research for Breach Security.
"A lot of Web 2.0 widgets, mashups and the like that users go for make it easy for all these guys to launch attacks."
Facebook became an Internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
Barnett was among the authors of a Web Hacking Incidents Database Bi-Annual Report that concluded social networking was the most popular "vertical market" for hackers in the first six months of this year.
The prime targets for attacks in 2008 were government and law enforcement websites, according to the Web Hacking Incidents Database.
Researchers analyzed computer security incidents worldwide, finding the number of Web attacks jumped 30 percent from the same period last year. Hackers targeted social networks in 19 percent of the attacks, according to the report.
"If you look back at 2007 and 2008 reports, criminals who are profit-driven with an end goal of identity theft were targeting e-commerce websites," Barnett said.
"What we started to see last year is that they are continuing to do that but that they have really branched out."
Twitter's appeal to hackers includes an ability to play the odds by routing short, tainted messages to thousands of computer users simultaneously. Unseen malicious code infects machines that haven't been properly updated.
Computer viruses can be hidden in files offered for sharing at Twitter, and in third-party programs that promise to enhance the microblogging service's capabilities.
"It is abusing some of the Web 2.0 technology," Barnett said.
Arbor Networks security research manager Jose Nazario last week reported uncovering a Twitter account being used as a "command and control" channel to send orders to a "botnet" army of zombie computers.
"I found a botnet that uses Twitter as its command and control structure," Nazario wrote in a blog post at Arbor's website.
"Basically what it does is use the status messages to send out new links to contact, then these contain new commands or executables to download and run. It's an infostealer operation."
A "botnet herder" was essentially using a free Twitter account to "tweet" commands to computers commandeered without their owners' knowledge.
The account was being studied by Twitter's security team and was "one of what appeared to be a handful" of command-and-control accounts at the California-based microblogging service, according to Nazario.
"When you think about a lot of these zombies in a botnet, it is easy for them to go to a Twitter feed and download data," Barnett said.
Web browser makers need to work more closely with application developers, and computer owners need to be more vigilant about updating software their machines use to deal with data on the Internet, according to Barnett.