
Malware Hiding in Plain Sight: Bad Neighbours on Social Networks

posted by: FraudWatch International | date: Apr 29, 2015 | category: All, Malware, Social Media

We’ve all heard of malware, but have you ever wondered how cyber-criminals use it to gain access to our personal information?

It is well known that cyber-criminals use links or attachments in email messages to trick unsuspecting users into downloading malware onto their PCs. However, most people are not aware of how the criminals then use that malware. In the past, anti-virus software has given PC users a reasonable level of protection against malware and alerted them when anything suspicious was detected. However, cyber-criminals are getting cleverer with the tools they use to deploy their malware and avoid detection.

Cyber-criminals can easily create a social media profile and use it to reach malware that has previously been installed on a victim’s PC. Through that profile they can send commands to the infected PC and instruct it to do whatever they want. Systems administrators may treat traffic to social media platforms as unworthy of suspicion, especially when it is carried over ordinary HTTP or HTTPS.

The criminals may post a string of seemingly random characters on their profile, such as “YmxvZy5mcmF1ZHdhdGNoaW50ZXJuYXRpb25hbC5jb20=”. To average users and technicians this post may look like gibberish, but in reality it is the address of this site encoded in Base64. In an attack scenario, such a string could conceal additional malicious instructions or payloads for the infected system. The criminals can use this method of encoded communication to “Command and Control” the victim’s PC once it has been compromised, often as part of a botnet: a network of infected “zombie” systems that respond to remote instructions discreetly, without their owners’ knowledge.
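As an added illustration of the detection side (this is not code from the original post or from FraudWatch), the Python below scans posts for Base64 tokens that decode to a hostname or URL, flagging the string quoted above while ignoring ordinary words and tokens that decode to binary; the sample posts, the example.com URL and the length and alphabet thresholds are constructed for the example.

```python
import base64
import binascii
import re

# Candidate tokens: Base64 alphabet only, at least 16 chars (skips ordinary words).
B64_TOKEN = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")
# Decoded text must look like a bare hostname or an http(s) URL to count as a hit.
HOST_OR_URL = re.compile(
    r"^(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?$", re.IGNORECASE
)
PUNCT = ".,;:!?\"'()"


def decode_if_text(token):
    """Return the decoded string if token is valid Base64 for printable ASCII, else None."""
    if len(token) % 4 or not B64_TOKEN.match(token):
        return None
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None  # valid Base64, but binary rather than a host string
    if not text or not text.isprintable():
        return None
    return text


def find_encoded_hosts(post):
    """Return (token, decoded) pairs for tokens in a post that decode to a host or URL."""
    hits = []
    for word in post.split():
        token = word.strip(PUNCT)
        decoded = decode_if_text(token)
        if decoded and HOST_OR_URL.match(decoded):
            hits.append((token, decoded))
    return hits


# Constructed sample posts (not real profile data): the encoded address quoted in
# the article, ordinary chatter, a long word that is not valid Base64, and a
# token that decodes to an http URL on the reserved example.com domain.
SAMPLE_POSTS = [
    "great weekend! YmxvZy5mcmF1ZHdhdGNoaW50ZXJuYXRpb25hbC5jb20=",
    "happy birthday to my sister, see you all saturday",
    "supercalifragilisticexpialidocious",
    "aHR0cDovL2V4YW1wbGUuY29tL3VwZGF0ZQ==",
]
```

Only the first and last sample posts are flagged; a hit is a reason to inspect the account and the host it names, not proof of compromise on its own.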

To avoid detection, systems compromised for a botnet will try not to generate unusual traffic or consume processing power until they are used for subsequent attacks. Infected machines in a botnet can lie dormant until they receive further instructions, at the criminals’ discretion. The criminals can use this method to maintain control over infected systems, or as a backdoor into the system to steal additional data. The information gained can be exfiltrated for use at their leisure; they may resell the stolen data, or use it to tailor spear-phishing attacks against you, your friends and colleagues.
