NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA Listmaster
NRT-0602 Researchers demonstrate Facebook-application-generated botnet:
A team of researchers based in Greece has warned about the
potential for applications offered to users of social networks such as Facebook
or MySpace to serve as a means for surreptitiously setting up botnets, according
to an online press report. The team conducted a demonstration creating and using
a proof‑of‑concept Facebook application dubbed Facebot. In the
demonstration Facebot easily turned about 1,000 victims' machines into bots
with the potential to perform distributed denial-of-service (DDoS)
attacks, as well as other malicious operations. The researchers will present
their findings at an upcoming information security conference in Taiwan.
The Facebot application posed as a 'Photo of the Day'
tool that displayed a different photo each day from National Geographic on
users' Facebook pages. It also set up malware that recruited the
victim's machine into a botnet. In the demonstration the researchers did not
invite users via Facebook to download the application, but still managed to
attract around 1,000 users who downloaded Facebot within the first few days it
went live. They merely announced its availability to members of their research
group and asked them to pass it to their colleagues. From there it apparently
spread to other Facebook users. "We have shown that applications that live
inside a social network can easily and very quickly attract a large
user‑base (in the order of millions of users) that can be redirected to
attack a victim host," the researchers wrote in their paper. "We
experimentally determined the user‑base to be highly distributed, and of a
world‑wide scale."
Once installed, Facebot forces the host machine to send out
600 Kbyte HTTP requests to victims' machines. In the demonstration, the code
instructed the bots to attack some computers in the researchers' lab. The
demonstration was set to limit the amount of attack traffic, but "... an
adversary could employ more sophisticated techniques ... the attack may be
significantly amplified," the researchers concluded.
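The mechanism described above (many compromised clients each emitting oversized HTTP requests at one host) has a detection signature on the defender's side: a burst of unusually large requests arriving from many distinct sources within a short window. The script below is an added example, not code from the article or from the researchers' paper; it assumes a constructed log format of "epoch-seconds client-ip method path request-bytes" and the thresholds are assumptions to be tuned per site. The sample log is constructed and includes a single client uploading large files, which must not trigger an alert, so that the distinct-source count rather than request size alone is what distinguishes a flood.

```python
"""Flag a distributed flood of oversized HTTP requests in web-server logs.

Added example, not from the article or the researchers. Assumes a
constructed log line format: "<epoch-seconds> <client-ip> <method> <path> <request-bytes>".
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import List, Optional

LARGE_REQUEST_BYTES = 500 * 1024   # the article cites ~600 KB requests per bot
WINDOW_SECONDS = 60
MIN_DISTINCT_SOURCES = 5           # assumed threshold: distributed, not one client
MIN_LARGE_REQUESTS = 10            # assumed threshold: a burst, not a stray upload


@dataclass(frozen=True)
class Request:
    ts: int
    ip: str
    method: str
    path: str
    nbytes: int


def parse_line(line: str) -> Optional[Request]:
    """Parse one log line in the assumed format; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return Request(int(parts[0]), parts[1], parts[2], parts[3], int(parts[4]))
    except ValueError:
        return None


def find_flood_windows(lines: List[str],
                       large: int = LARGE_REQUEST_BYTES,
                       window: int = WINDOW_SECONDS,
                       min_sources: int = MIN_DISTINCT_SOURCES,
                       min_large: int = MIN_LARGE_REQUESTS) -> List[dict]:
    """Return one alert per time window that carries a distributed burst of large requests."""
    buckets = defaultdict(list)            # window start -> large requests in it
    for line in lines:
        req = parse_line(line)
        if req is None or req.nbytes < large:
            continue                       # ignore junk and ordinary-sized requests
        buckets[(req.ts // window) * window].append(req)

    alerts = []
    for start in sorted(buckets):
        reqs = buckets[start]
        sources = {r.ip for r in reqs}
        # Size alone is not the signal: one client doing bulk uploads is large but
        # not distributed. Require both volume and source diversity.
        if len(reqs) >= min_large and len(sources) >= min_sources:
            top_path, _ = Counter(r.path for r in reqs).most_common(1)[0]
            alerts.append({
                "window_start": start,
                "large_requests": len(reqs),
                "distinct_sources": len(sources),
                "top_path": top_path,
            })
    return alerts


# Constructed sample log (not real traffic).
SAMPLE_LOG = (
    # normal browsing: small requests from two clients
    [f"{1000 + i} 192.0.2.{1 + i % 2} GET /index.html 412" for i in range(6)]
    # one client uploading many large files: large, but from a single source
    + [f"{1100 + i} 10.0.0.5 POST /upload 716800" for i in range(12)]
    # distributed burst: 600 KB requests from eight distinct sources within one minute
    + [f"{1200 + i} 198.51.100.{10 + i % 8} POST /photo 614400" for i in range(12)]
    + ["this line is malformed"]
)


if __name__ == "__main__":
    for alert in find_flood_windows(SAMPLE_LOG):
        print(alert)
```

Run against the constructed sample, only the third block raises an alert: twelve large requests from eight sources in the window starting at 1200, all aimed at /photo. The single-client upload block has the same request count but one source, so it is left alone; in production the thresholds would be set from a baseline of normal request sizes and source counts for the host.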
According to the researchers, Facebot demonstrates just how
simple it is to weaponize increasingly popular social networking applications,
which can be written and distributed by anyone. There are over 15,000 Facebook
applications available to members today.
[darkreading.com 04Sep08]