Bizcommunity.com - Daily Marketing & Media news

When Web 2.0 sneezes, everyone gets sick!

2 Feb 2010 11:01
With over *1.5 billion Internet users worldwide, more and more people are using Web 2.0 applications every day to publish and receive information, to collaborate and to socialise. While these new and exciting Web 2.0 applications let users experience innovative technologies and go where they 'have never gone before', this unfortunately includes a hackers' haven.
Web 2.0 has opened up a new attack vector (a path by which hackers gain access to a network or server) that malware writers use to cause widespread damage to computers.

Industry research** revealed that, in 2009, social networking sites were accessed by approximately one billion Internet users. As a result, the rapid growth of these sites has made them a breeding ground for malware and spam and yet another source of illegal earnings on the Internet.

Exploit

Social platforms such as Facebook, MySpace and Twitter have attracted millions of Internet users across the globe - and cybercriminals at the same time. They not only exploit security flaws found within these websites, but also use them to divert legitimate traffic towards sites that are serving malicious content, either by using social engineering tactics or some technical vulnerabilities that can be exploited to infect the user's machine.

By the end of 2008, more than 43 000 malicious codes relating to social networking sites - such as Trojan-Spy, Trojan-PSW, Worm, Trojan etc - were detected. Koobface, the most widespread social networking worm, instantly became popular when it appeared almost one year ago, targeting Facebook and MySpace accounts.

Today, there is a new variant of this worm, meaning it can simply reinvent itself to access any new social site that comes along. In fact, in 2009, detections of Koobface modifications jumped from 324 at the end of May to nearly 1000 by the end of June, and the users of such sites often unwittingly helped the attackers to carry out these tasks.

What can users do?

So what can users do? First and foremost, be aware of how you unknowingly assist this process. For example:

A general structure of an attack explained in three steps:
  1. A user receives a link from a trusted contact to, say, a video clip.
  2. The user is told to install a specific program to watch the video.
  3. Once installed, the program steals the user's account and continues mailing the malicious program to the victim's trusted contacts.

This method is similar to the way in which email worms are distributed. However, malicious code distributed via social networking sites has approximately a 10% success rate in terms of infection; this exceeds the less than 1% achieved by malware spread via email.
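
The three steps above leave a trace a defender can check: a message from a contact that promises a video, a landing page that asks for an install, and a download that is a program rather than a media file. The following is an added example, not part of the original article; the record fields, keyword patterns, extension list and sample records are assumptions constructed for illustration.

```python
import re

# Assumed, non-exhaustive list of installable-program extensions.
EXECUTABLE_EXT = (".exe", ".scr", ".msi", ".bat")
VIDEO_WORDS = re.compile(r"\b(video|clip|movie|watch)\b", re.I)
INSTALL_WORDS = re.compile(
    r"\b(install|update|download)\b.*\b(player|codec|plugin)\b", re.I)
URL_RE = re.compile(r"https?://\S+")


def lure_indicators(message, landing):
    """Return which parts of the three-step lure are present.

    message: dict with 'sender_is_contact' (bool) and 'text' (str)
    landing: dict describing what the linked page served, e.g. as logged
             by a web proxy: 'page_text' (str), 'download_name' (str or None)
    """
    found = []
    text = message["text"]
    # Step 1: a link from a trusted contact that promises a video.
    if (message["sender_is_contact"] and URL_RE.search(text)
            and VIDEO_WORDS.search(text)):
        found.append("video link from contact")
    # Step 2: the landing page tells the user to install something.
    if INSTALL_WORDS.search(landing.get("page_text", "")):
        found.append("install prompt")
    # Step 3 precondition: the offered file is a program, not media.
    name = (landing.get("download_name") or "").lower()
    if name.endswith(EXECUTABLE_EXT):
        found.append("executable download")
    return found


def is_probable_lure(message, landing):
    # Only the full combination matches the attack structure in the text.
    return len(lure_indicators(message, landing)) == 3


# Constructed sample records (not real traffic).
SAMPLES = [
    ({"sender_is_contact": True,
      "text": "LOL is this you in this video? http://example.test/v?id=1"},
     {"page_text": "Please install the latest player update to watch this clip",
      "download_name": "setup_player.exe"}),
    ({"sender_is_contact": True,
      "text": "Our holiday video http://example.test/holiday"},
     {"page_text": "Holiday 2009", "download_name": None}),
]
```

Requiring all three indicators keeps an ordinary video link from a friend, like the second sample, from being flagged.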

The human vulnerability that never dies

One of the most important parts of a typical Web 2.0 attack is the social engineering factor, or "the human vulnerability" component, which usually helps with getting innocent users' computers infected. Social engineering has been around since before any social network existed, but right now, with everybody using social networks, it seems the two terms go hand in hand - they're both social, after all.

Generally, users of social networking sites trust other users. This means they accept messages sent by someone on their friends list without always verifying the source, which makes it easy for cybercriminals to use such messages to spread links to infected sites. Various means are used to encourage the recipient to follow the link contained in the message and thus to download a malicious program.

The future of Web 2.0 threats

The recent explosion of social networking threats on all levels, from malware to phishing, and from web security to targeted attacks, clearly marks an important milestone. Cybercriminals will use the Web 2.0 attack vector more and more to spread malicious applications.

The implicit trust that users have in everything, and the environment that allows the easy creation of contextualised and personalised attacks, are making Web 2.0 a perfect medium for distributing malware. But the evolution of Web 2.0 threats will be closely tied to the evolution of Web 2.0 itself. And there are several directions where we are definitely going:
  • Mobility - content and interfaces used to access it will become more mobile; the dependency on the hardware device used to access it and its physical location will decrease. As platforms get more diverse, malware authors will try to keep up with this and design different attacks for different operating systems and hardware.

  • Localisation and contextualisation - having mobile content and interfaces will enable the services to better fit the users, depending on where they are and what they want. Cybercriminals try to use these paradigm changes to their own advantage - to better social engineer their victims.

  • Interoperability - social networks are clearly shifting towards operating connected to one another rather than in isolation. There are already problems securing the networks.

Divulge as little as possible

For protection against targeted attacks, users should divulge as little personal information as possible. They should not give out their home address, phone number or other private details. It is very hard to draw a line between what should be shared and what should not be shared on social networks - every user has their own level of required privacy.

A multilayered protection approach is definitely necessary. The anti-malware or Internet security solution is definitely one of the most important obstacles for malicious software, but oftentimes it is not enough in the Web 2.0 world. Users should increase their levels of security awareness in order to better defend themselves from these new attack strategies.

*Internetworldstats.com
**RelevantView and eVOC Insights 2009

About the author

Stefan Tanase is a senior regional researcher on the Kaspersky Lab EEMEA, global research and analysis team www.kaspersky.com. Stefan is based in Romania and is responsible for monitoring the local threat landscape. He specialises in web security, malware 2.0, and threats which target Internet banking systems, including phishing. He joined Kaspersky Lab in 2007 and was appointed Senior Regional Researcher in 2009. Contact him on tel +40 212 107 718 and email him at .