Flash files, Facebook are the hottest new targets for attacks, says research

A warning to those who love such social media sites as Facebook: the bad guys are coming for you. A slew of security vendor reports on risks to expect in 2009 point to Facebook, Myspace and other such sites as increasingly tempting targets for hackers looking to dupe people out of their sensitive information. PDF and Flash files, once considered safe, are now a threat as well.

The findings on Flash and PDF appear in a report released Tuesday by security-products firm Finjan Inc. The research finds that cybercriminals are increasingly using PDF and Flash files as a vehicle for distributing their malicious code and infecting end-user PCs. The Web Security Trends Report Q4 2008, released by Finjan's Malicious Code Research Center (MCRC), found that criminals take advantage of specific functionality in Flash ActionScript that lets a Flash file interact with the web page hosting it (the DOM). They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser vulnerability and install a Trojan, Finjan officials said.

Although Flash supports functionality to prevent such interactions, many site owners are not using it, according to Yuval Ben-Itzhak, chief technology officer of Finjan. The report states that large ad networks serving Flash-based banner ads did not prevent their ads from interacting with the hosting web page. This missing configuration on the ad networks' side, which would block the served Flash ad's ActionScript from reaching the DOM, has become a new vector for cybercriminals to serve their malicious code undetected.
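The ActionScript-to-DOM bridge Finjan describes is governed by a Flash Player embed parameter the article does not name: allowScriptAccess, settable as an attribute on an embed tag or as a param inside an object tag. As an added example (not code from the article, from Finjan or from Sophos), the JavaScript below audits a page's markup for that parameter, reporting every embed or object that would let the SWF script the hosting page, and builds the hardened markup a publisher or ad network should use for a third-party creative. The sample HTML and the ads.example.net host are constructed for this example.

```javascript
// Added example, not code from the article or from Finjan/Sophos.
// It audits page markup for the Flash Player embed parameter allowScriptAccess,
// which decides whether a SWF's ActionScript may script the hosting page (DOM):
//   "always"     - the SWF may call into the page regardless of where it was served from
//   "sameDomain" - only a SWF served from the page's own domain may (Flash Player default)
//   "never"      - no scripting of the page at all (the right value for third-party ads)
// The HTML below is constructed for this example; ads.example.net is a placeholder host.

const SAMPLE_HTML = `
<div id="ad-slot-1">
  <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="728" height="90">
    <param name="movie" value="http://ads.example.net/banner.swf">
    <param name="allowScriptAccess" value="always">
    <embed src="http://ads.example.net/banner.swf" allowScriptAccess="always" width="728" height="90">
  </object>
</div>
<div id="ad-slot-2">
  <embed src="http://ads.example.net/promo.swf" width="300" height="250">
</div>
<div id="player">
  <embed src="/media/player.swf" allowScriptAccess="never" width="640" height="480">
</div>
`;

// Read one attribute (case-insensitive) out of a tag's attribute string.
function getAttr(attrs, name) {
  const re = new RegExp(`(?:^|\\s)${name}\\s*=\\s*["']?([^"'\\s>]+)`, 'i');
  const m = attrs.match(re);
  return m ? m[1] : null;
}

// Read the value of <param name="..." value="..."> inside an <object> body.
function getParam(body, name) {
  const re = new RegExp(
    `<param\\b[^>]*name\\s*=\\s*["']?${name}["']?[^>]*value\\s*=\\s*["']?([^"'\\s>]+)`, 'i');
  const m = body.match(re);
  return m ? m[1] : null;
}

// One finding per <embed> or <object> whose allowScriptAccess is not "never".
// A missing setting is reported as the Flash Player default, "sameDomain".
function auditFlashEmbeds(html) {
  const findings = [];
  for (const m of html.matchAll(/<embed\b([^>]*)>/gi)) {
    const value = getAttr(m[1], 'allowScriptAccess') || 'sameDomain';
    if (value.toLowerCase() !== 'never') {
      findings.push({ tag: 'embed', src: getAttr(m[1], 'src'), allowScriptAccess: value });
    }
  }
  for (const m of html.matchAll(/<object\b[^>]*>([\s\S]*?)<\/object>/gi)) {
    const value = getParam(m[1], 'allowScriptAccess') || 'sameDomain';
    if (value.toLowerCase() !== 'never') {
      findings.push({ tag: 'object', src: getParam(m[1], 'movie'), allowScriptAccess: value });
    }
  }
  return findings;
}

// Hardened markup for a third-party creative: the SWF cannot script the page
// (allowScriptAccess=never) and cannot navigate the browser to another URL
// (allowNetworking=internal, which leaves the SWF its own data loading only).
function hardenedEmbed(src, width, height) {
  return `<object type="application/x-shockwave-flash" data="${src}" width="${width}" height="${height}">` +
    `<param name="movie" value="${src}">` +
    `<param name="allowScriptAccess" value="never">` +
    `<param name="allowNetworking" value="internal">` +
    `</object>`;
}

for (const f of auditFlashEmbeds(SAMPLE_HTML)) {
  console.log(`${f.tag} ${f.src}: allowScriptAccess=${f.allowScriptAccess} (expected never)`);
}
```

Run it with node; on the sample it flags both halves of the first ad slot (the object param and the fallback embed are set to "always") and the second slot, which sets nothing and therefore inherits "sameDomain". That default is exactly the gap Finjan points at: a creative the ad network serves from the publisher's own domain, or one the page author copies onto the site, can still reach the DOM. Enforcing "never" for every third-party SWF closes it, and a browser-side version of the same check would walk document.querySelectorAll('embed, object') instead of regex-matching markup.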
“Using rich content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime,” said Ben-Itzhak. “Having the widespread distribution and the popularity of Flash-based ads on the Web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware.”

Finjan’s report also predicts that cybercrime will continue to rise as an increasing number of unemployed IT professionals join in, and that criminals will continue to use Web 2.0 as a portal for scams.

U.K.- and Boston-based firm Sophos also published its Security Threat Report 2009 on Tuesday. The research reveals that more malware is hosted on U.S. websites, and more spam is relayed from American computers, than from any other country. In fact, the November shutdown of McColo Corp., an American web hosting firm accused of collaborating with spammers and hackers, caused a 75 percent drop in spam, noted Graham Cluley, senior technology consultant for Sophos.

“Not only is the United States relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it’s also carrying the most malicious webpages,” Cluley said in a statement. “We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today.”

Sophos officials also said that in 2008, organized criminal gangs tripled their attacks against websites, injecting malicious code to infect visiting home users and businesses. 2008 also saw an increase in efforts by hackers to pose as legitimate anti-virus vendors, creating new professional-looking websites and applications every day with the intention of scaring users into believing that their computers have been compromised.
On average, Sophos identified five new scareware websites every day, with the figure peaking at over 20 per day on occasion. The report also documents a rise in hackers spamming out malicious attachments designed to compromise PCs in order to steal identities, money and resources. By the end of 2008, Sophos was tracking five times more malicious attacks arriving through files attached to emails than at the start of the year.

Like Finjan, Sophos said Web 2.0 applications such as Facebook continue to be of interest to spammers and malware authors, who break into users’ accounts to take advantage of trusted social networks and send spam and malware.

“The last year proved beyond doubt that Internet hacking gangs are organized like never before, often working across borders to steal money and data from unsuspecting users. The volume of attacks has increased, with hackers using automated systems to break into vulnerable websites or generate new variants of their malware,” said Cluley. “People need to wake up to the reality that the completely legitimate website they are visiting could be harboring a dangerous malware infection planted by hackers. As we enter 2009 we are not expecting to see these assaults diminish.
As economies begin to enter recession it will be more important than ever for individuals and businesses to ensure that they are on guard against Internet attack.”