Outtakes from Sophos threat report

Jan 19, 2011 | 5 min read

Sophos has a new threat report out today. Here are some of the interesting bits, boiled down nicely by my friend and Sophos PR man Kevin Kosh (I did some editing along the way, which I’m sure he won’t mind):

–Malware growth in 2010 nearly doubled over 2009, breaking the one-second barrier: new malware now appears more often than once per second.

–While there was significant focus on the new attacks like Aurora and Stuxnet, criminals stuck to the low-hanging fruit — specifically social networks like Facebook, Twitter and LinkedIn.

New data includes:

–95,000 unique pieces of malware found per day, or 1 every .9 seconds, up from 50,000

–With more than 50 percent of companies allowing free and open access to social networking sites:

–67 percent of users were spammed on social networks – double from when the survey began in 2009 (33.4 percent)

–43 percent were phished – more than double from when the survey began in 2009 (21 percent)

–40 percent were sent malware

–30,000 malicious URLs appear daily, one every 2-3 seconds, with 70 percent of them on legitimate websites

Sobering stats indeed.

To me, if you read through the entire report, a big takeaway is that social networks as an attack vector are the new normal.

The findings build upon a couple of articles we wrote last week, specifically on the threat people face when using the likes of Facebook on a smartphone. It’s worth rehashing part of a post I wrote last week because it really fits in with the material above:

First, my colleague Joan Goodchild wrote about a BitDefender report that flagged Facebook as a major attack vector for smart phones. From the article:

The biggest mobile infection threat isn’t malware that specifically targets mobile devices, according to new research from security firm BitDefender. Malware that targets Facebook is a far bigger problem for mobile security, the firm claims. Spam links on social networks are infecting mobile devices via bad links on Facebook because the worms and other malware are often platform-independent and are widely spread as malware that targets PCs.

BitDefender officials point to Google statistics, which reveal almost one quarter of Facebook users who fell for a recent scam on the social network did so from their mobile device. The URL that was studied was one that claimed to show users a girl’s Facebook status which got her expelled from school. It generated 28,672 clicks — 24 percent of which originated from mobile platforms. Users who clicked on the link — whether on their PC or mobile device — downloaded a Facebook worm and fell victim to an adword-based money grabbing scheme.

As Joan was writing this, I was in a nearby conference room chatting with Sophos tech consultant Graham Cluley about Facebook and other social networking platforms. He reached the same conclusions as BitDefender and added that Android phones are the easiest target for the venom coming from Facebook:

“The iPhone operates in a more controlled environment and the BlackBerry security model is fairly strong. Because Android operates in a more open environment, it’s more open to infections,” Cluley said.

Given the growing popularity of Android phones in the enterprise, Cluley said this is something IT security shops must be more aware of.

The malware sent to phones via Facebook messages arrives in garden-variety spam messages that rely heavily on social engineering tactics. A Sophos threat report due out next week will dive more into the social networking threat, but the company’s just-released “Dirty Dozen” spam list also mentions it.

“Spam is certainly here to stay, however the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers,” Cluley said.

“Great,” I thought to myself. I use an Android.

Fortunately, I’ve been well aware of Facebook social engineering tricks for some time.

I know better than to click on a link that says something like this: “Click here and see what happened after this girl’s dad caught her on the webcam.” That message came with a thumbnail shot of a girl’s backside, clad in Catholic school uniform. I didn’t have to click a link to see that it was trash.

Then there’s the social engineering trick that speaks to our vanity: “Click here to see who’s been looking at your profile.”

Before I come off as too smug, I should note that I’ve clicked sinister links before, particularly those disguised as news updates. I’m getting smarter about that, but when you have several windows open at once and you’re multi-tasking, you’re at a higher risk of doing stupid things.

There’s another Facebook risk I’ve noted in recent months: The place attracts all kinds of dangerous people who are there looking for prey. A kid I grew up with in Revere, Mass., was on there over the summer, making friends with a lot of teenage girls from remote corners of the world. It turns out he’s a thrice-convicted pedophile.

There’s no doubt about it: The social networks are full of dangerous alleys and we have to watch our backs.

That’s especially true if you’re looking at one of these sites from an Android, BlackBerry or iPhone, where you can’t always see things as clearly as you would in front of a laptop screen.

–Bill Brenner