Cyber Criminals Utilize Social Networks to Control Bots

Researchers at RSA FraudAction Research Lab have recently discovered a banking Trojan being hosted by a public social networking site. Any site that allows users to upload content of any type can be abused to host the Trojan’s configuration, RSA says.

“The Lab recently traced a social network profile that contained encrypted instructions for a variant of the Brazilian banker Trojan,” the researchers write. “Shortly after our discovery of the Trojan’s configuration point, the offending content was handled and removed thanks to action taken by the social network’s support team.”

“Any site that enables the posting of user-entered content is vulnerable to this type of exploitation, and is exploited precisely because of the freedom it affords its users,” they added.

The move by cyber criminals to public areas has several advantages, according to the researchers.

1) A domain name does not need to be bought and maintained as a command and control point for the botnet

2) Even if an account is deleted by the provider, a new account can be readily set up for free

3) The cyber criminals do not need to pay for or maintain a secured server

4) They may believe it is difficult for cyber professionals to detect a cyber criminal’s use of public services

“It is worth noting that despite these advantages, banking Trojan attacks that host communication resources on public resources are still quite rare, and currently remain the exception rather than the rule,” the researchers write. “Generally, after a threat is detected, and the appropriate support team is informed, the removal of these command and control points is simple and quick.”
