Koobface on Facebook: How malicious contents sneak into social networking. Mohammad Reza Faghani

Similar documents
WEB ATTACKS AND COUNTERMEASURES

Dolvara

Cryptography and Network Security Chapter 21. Malicious Software. Backdoor or Trapdoor. Logic Bomb 4/19/2010. Chapter 21 Malicious Software

What's the difference between spyware and a virus? What is Scareware?

Web site security issues White paper November Maintaining trust: protecting your Web site users from malware.

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

What are Viruses, Trojans, Worms & Spyware:

Security workshop Protection against botnets. Belnet Aris Adamantiadis Brussels 18 th April 2013

Computer Security DD2395

Introduction: 1. Daily 360 Website Scanning for Malware

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Recommended Practice Case Study: Cross-Site Scripting. February 2007

PROTECT YOUR COMPUTER AND YOUR PRIVACY!

ZNetLive Malware Monitoring

Introduction The Case Study Technical Background The Underground Economy The Economic Model Discussion

Web Application Security

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Computer Security Maintenance Information and Self-Check Activities

DDoS Attacks & Defenses

User Documentation Web Traffic Security. University of Stavanger

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Malicious Software. Malicious Software. Overview. Backdoor or Trapdoor. Raj Jain. Washington University in St. Louis

SECURITY TERMS: Advisory Backdoor - Blended Threat Blind Worm Bootstrapped Worm Bot Coordinated Scanning

white paper Malware Security and the Bottom Line

GlobalSign Malware Monitoring

LASTLINE WHITEPAPER. Large-Scale Detection of Malicious Web Pages

Tespok Kenya icsirt: Enterprise Cyber Threat Attack Targets Report

Active Threat Control

Network Security and the Small Business

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Malware: Malicious Code

RLI PROFESSIONAL SERVICES GROUP PROFESSIONAL LEARNING EVENT PSGLE 123. Cybersecurity: A Growing Concern for Small Businesses

COMPUTER-INTERNET SECURITY. How am I vulnerable?

Cross Site Scripting Prevention

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Willem Wiechers 3 rd March 2015

Protection for Mac and Linux computers: genuine need or nice to have?

Module 5: Analytical Writing

Cyber liability threats, trends and pointers for the future

ITSC Training Courses Student IT Competence Programme SIIS1 Information Security

Overview. Common Internet Threats. Spear Phishing / Whaling. Phishing Sites. Virus: Pentagon Attack. Viruses & Worms

Network Monitoring using MMT:

Web Application Worms & Browser Insecurity

Evolution of attacks and Intrusion Detection

Ohio University Computer Services Center October, 2004 Spyware, Adware, and Virus Guide

Threat Containment for Facebook

Networking Threats Using Active

WORMS : attacks, defense and models. Presented by: Abhishek Sharma Vijay Erramilli

October Is National Cyber Security Awareness Month!

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

Managing Web Security in an Increasingly Challenging Threat Landscape

Internet basics 2.3 Protecting your computer

Evolutionism of Intrusion Detection

Protect Your IT Infrastructure from Zero-Day Attacks and New Vulnerabilities

Malicious Network Traffic Analysis

Threats and Vulnerabilities. Ed Crowley

Real-time Network Monitoring and Security Platform for Securing Next-Generation Network. Assoc. Prof. Dr. Sureswaran Ramadass

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

Cybersecurity: A Growing Concern for All Businesses. RLI Design Professionals Design Professionals Learning Event DPLE 160 October 7, 2015

MALWARE THREATS AND TRENDS. Chris Blow, Director Dustin Hutchison, Director

Reduce Your Virus Exposure with Active Virus Protection

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

Multi State Information Sharing and Analysis Center. Briefing Paper. Keeping Your Broadband Internet Connection Secure

Cross-Site Scripting

Emerging Trends in Malware - Antivirus and Beyond

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 14 Risk Mitigation

Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them

WHITE PAPER. Understanding How File Size Affects Malware Detection

CSE 3482 Introduction to Computer Security. Denial of Service (DoS) Attacks

Security A to Z the most important terms

Summary of the SEED Labs For Authors and Publishers

Cross Site Scripting in Joomla Acajoom Component

1 Introduction. Agenda Item: Work Item:

Description: Course Details:

Practical tips for a. Safe Christmas

SOCIAL NETWORKS AND INFECTION MODEL

DDos Monitoring System using Cloud AV AhnLab, Inc. SiHaeng Cho, Director of R & D Center

Course Content: Session 1. Ethics & Hacking

HoneyBOT User Guide A Windows based honeypot solution

Attacks from the Inside

Online Cash Manager Security Guide

Seminar Computer Security

Penetration Testing The Red Pill

Client Side Filter Enhancement using Web Proxy

Security Research Advisory SugarCRM Cross-Site Scripting Vulnerability

EECS 588: Computer and Network Security. Introduction

WEB SECURITY. Oriana Kondakciu Software Engineering 4C03 Project

Information Security Threat Trends

Basic Computer Security Part 2

E Commerce and Internet Security

C&G FLUX MARKET Internet Safety

NTT R&D s anti-malware technologies

Reducing Application Vulnerabilities by Security Engineering

PC Security and Maintenance

FOR MAC. Quick Start Guide. Click here to download the most recent version of this document

Malware B-Z: Inside the Threat From Blackhole to ZeroAccess

CS 356 Lecture 9 Malicious Code. Spring 2013

Transcription:

Koobface on Facebook: How malicious contents sneak into social networking Mohammad Reza Faghani

Outline Introduction Trend of Web malware Social networks malware What is XSS!? Potentials of XSS Worms Social Networks XSS worm propagation ClickJacking malware propagation Trojan malware propagation Summarizing the results from various studies Recent study results Our proposed scheme for malware detection Conclusion

Introduction Four key threats to consider Spam Bugs Denial of Service Malicious Software (malware) Propagate via Spam Exploits bugs Mount DOS Viruses, Worms, Trojans, SpyWare ScareWare,

Introduction (cont.) Why is malware so important to study? Privacy and security issues Cyber War Stuxnet, Predator Drone ISPs struggle under virus generated traffic Cyber Criminals make a lot of money Hidden costs Reputation

Introduction (cont.) Malware is propagated via Email P2P networks Vulnerable OS services Mobile phones Web Can even be Hybrid

Trends of Web malware Web malware Most people frequently use Web Population of the victims are much larger than other types of malware. Social networks are popular among people No barriers for web users Malware writers prefer to exploit Web users Suppose each active user has on average 128kbps of bandwidth, potential of 10 percent of active users is : 80Mx128kbps= 10 Tbps 80% of web servers have critical vulnerabilities such as XSS (will discuss XSS later) Aggregated traffic of the web users browser would be huge

Social networks malware Samy could affect over 1 million people in less that 20 hours. MySpace was the first but : 1200000 1000000 800000 600000 Code Red I Code Red II Slammer Blaster Samy 1000000 Sina, July 2011 FB on March 29, 2011 400000 359000 275000 336000 ClickJacking types Almost everyday 200000 0 55000 Twitter on Sep. 2010

Propagation of a Malware

Why studying malware? To have a better understanding of propagation behaviors Damage assessment Providing enough traffic to avoid Denial of Service Detecting the weaknesses of spreading How we can counter-measure in the best way

Social networks malware We can consider three main types of social networks malware attacks: XSS worms e.g. Samy Trojans e.g. Koobface ClickJacking types Forced like Can lead to DriveByDownloads malware

What is XSS!? Cross Site Scripting (XSS) is a common vulnerability in web applications. Has two types: Reflected Stored

Reflected XSS Application reflects exactly what it gets from the user. user may inject a harmful script

Stored XSS Attacker stores a harmful script in the application database for further exploitation. Comments Forum talks FB Wall

XSS + AJAX = w0rm XSS threat becomes more noticeable due to the combination of HTML and AJAX technology. AJAX allows browsers to issue HTTP requests on behalf of the user. No need for the attacker to deceive the victim to click on a special crafted link!

XSS worm propagation XSS worm propagation consists of the following two steps: Download A visitor downloads (views) an infected profile and automatically executes the JavaScript payload. Propagation The payload is extracted from the contents of the profile being viewed and then added to the viewer s profile.

ClickJacking Worm Propagation Unwittingly clicking on a hidden like button and more friends get infected

Trojan Propagation Then they post a similar link on the victim s profile or send private messages to friends of the victim containing the malicious link. Sometimes, they ask you to download the appropriate decoder to play the movie, which is indeed the Trojan itself.

Research on OSN malware Three main papers on OSN malware propagation (in chronological order): [1] Faghani M. R., Saidi H., Malware Propagation in Online Social networks, Malware09, Montreal, 2009. [2] W. Xu, F. Zhang, and S. Zhu., Toward worm detection in online social networks, (ACSAC), 2010. [3] Guanhua Y., Guanling. And et al., Malware Propagation in Online Social Networks: Nature, Dynamics, and Defense Implications, (ASIACCS'11), March 2011.

Result Summary (from simulations) Social network structure itself slows down the worm propagation. 10000 9000 Total Number of Infected profiles 8000 7000 6000 5000 4000 3000 2000 1000 Random (q=0.9) Small World (q=0.9) 0.5 1 1.5 2 2.5 3 Number of Visits x 10 5

Result summary (cont.) User activities play an important role. 10000 Total Numer of Infected profiles 9000 8000 7000 6000 5000 4000 3000 2000 1000 q=1 q=0.9 q=0.7 q=0.5 q=0.3 q=0.1 0.5 1 1.5 2 2.5 3 3.5 4 Numbe of Visits Number of visits x 10 5

Result summary (cont.) Trojan type spreads faster than XSS 10000 9000 Total Number of Infected profiles 8000 7000 6000 5000 4000 3000 2000 1000 XSS Koobface, p=0.5 Koobface, p=0.7 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 Times in minutes x 10 4

Result summary (cont.) Effect of Clustering coefficient is linear Time required to have the whole population infected 1.75 x 105 1.7 1.65 1.6 1.55 1.5 0.1 0.105 0.11 0.115 0.12 0.125 0.13 0.135 0.14 0.145 0.15 Clustering Coefficent

Result summary (cont.) Effect of Infection Probability is exponential Time required to have the whole population infected 10 x 105 9 8 7 6 5 4 3 2 1 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 Probability of Executing the malware

Recent Results (1) Considering cliques Those who have common interests create a group. Total Number of Infected 10000 9000 8000 7000 6000 5000 4000 3000 2000 1000 A1 with 1 Clique C with 1 Clique A1 with 2 Cliques C with 2 Cliques 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 Total Number of Visits x 10 5

Recent Results (2) Considering overlapping cliques: 10000 Total Number of Infected 9000 8000 7000 6000 5000 4000 3000 2000 1000 2 Cliques + 1 Common Clique 3 Cliques 3 Cliques + 1 Common Clique 4 Cliques 0 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 Total Number of Visits x 10 5

Proposed Defense System Identify big cliques Among them distinguish those users who are connected to different cliques. Implement decoy friends or other detection mechanisms to detect malicious behaviors. It is more efficient than current Facebook classifier system.

Conclusion User relationship structure plays an important role in malware propagation. User activities affect speed of propagation. Propagation of XSS types is slower than that of Trojan types. A new defense mechanism can be built using OSN graph topology.

Acknowledgement Thank you Any Question?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information