2011 November | The Barracuda Labs Internet Security Blog

Archive for November, 2011

Barracuda Networks Turns ‘Follows’ and ‘Likes’ into Meals for Children in Need

Wednesday, November 30th, 2011

By: Barracuda Labs

FOR IMMEDIATE RELEASE

Content Security Leader Challenges World with “Clicks for Meals” to Fight Hunger and Provide 10,000 Meals this Holiday Season

Campbell, Calif. (November 30, 2011) – In an effort to combat world hunger, Barracuda Networks is challenging the world to help provide 10,000 meals for hungry children this holiday season. From November 30 until December 31, Barracuda Networks’ new one-for-one campaign−outlined at www.barracuda.com/clicksformeals−offers three free, simple ways everyone can help donate meals to starving children around the world.

Barracuda Networks will provide one meal for each of the following:

Install Profile Protector for Facebook and Twitter. Profile Protector, available at www.profileprotector.com, is a free tool that analyzes and blocks malicious activity on Facebook and Twitter.
Follow @barracudalabs on Twitter. Barracuda Labs is the threat research team who created Profile Protector and reports at www.barracudalabs.com.
“Like” Barracuda Networks on Facebook.

“We spend a lot of time analyzing how attackers use social networks for bad−stealing identities, creating fake profiles, spreading malware and so forth,” said Dr. Paul Judge, chief research officer of Barracuda Networks. “We want to use the social networks to do some good. What better way to do that than to use the power and ease of Facebook and Twitter to raise awareness and money to fight hunger.”

Barracuda Networks will work with the United Nations World Food Programme to fulfill the meal donation as they continue to fight hunger worldwide. Additional information–including a one-minute video–about the campaign is available at www.barracuda.com/clicksformeals.

“Attackers have proven time and again the enormous opportunity social networks create for malicious activity online,” continued Judge. “This initiative is a small token and acknowledgement of our continued fight to keep social networks safe and make an impact on thousands of children’s lives around the world.”

About Barracuda Profile Protector
Barracuda Profile Protector is a free service that protects social networking users against malicious threats on Facebook and Twitter. The application analyzes user-generated content posted to profiles and is able to block or remove malicious or suspicious content. This includes malicious URLs, embedded photos and/or videos on Facebook and Twitter pages and news feeds. Users can install Profile Protector at www.profileprotector.com.

About Barracuda Labs
Barracuda Labs is a global multi-disciplinary research and threat analysis team that fulfills a critical role in developing innovative technologies across Barracuda Networks’ business areas. The team evaluates the threat ecosystem and creates security intelligence to defend Barracuda Networks customers. Barracuda Labs’ threat research areas, which include email, Web, network and cloud security and technology, are designed to improve the world’s security posture by promoting security awareness and education, developing and innovating new defense technologies, and working with government and law enforcement agencies to reduce cybersecurity crime. For more information, please visit www.barracudalabs.com.

About Barracuda Networks Inc.
Barracuda Networks combines premises-based gateways and software, virtual appliances, cloud services, and sophisticated remote support to deliver comprehensive content and network security, data protection and application delivery solutions. The company’s expansive product portfolio includes offerings for protection against email and Web threats as well as products that improve application delivery and network access, message archiving, backup and data protection. Coca-Cola, FedEx, Harvard University, IBM, L’Oreal, and Europcar are among the more than 150,000 organizations protecting their IT infrastructures with Barracuda Networks’ range of affordable, easy-to-deploy and manage solutions. Barracuda Networks is privately held with its International Headquarters in Campbell, Calif. For more information, please visit www.barracudanetworks.com.

Posted in Current Events, Social Networking | No Comments »

Seven Annoying Attacks That Facebook Misses

Wednesday, November 16th, 2011

This week Facebook experienced a rash of attacks that posted pornographic images. Some even claimed to be nude celebrities and others claimed to be child pornography. Last month we released survey results that showed that 40% of Facebook users do not feel safe on Facebook. Two weeks later, Facebook released an infographic showing its security initiatives and statistics. We applaud the efforts; however, more is needed. When you are trying to grow a social network as well as increase advertising revenue, security becomes not only a lower priority but sometimes a conflict of interest.

Facebook claims that only 0.5% of users experience spam on any given day. That is still 4 million people out of the 400 million users that log in on any given day. We suspect that measurement only counts spam that Facebook catches which is clearly not 100% of the spam. While working on Profile Protector and other web security intelligence, we regularly come across examples of spam and attacks that repeatedly use simliar approaches that are detectable. We compiled this list of seven annoying attacks that Facebook misses.

1) Fake Product Pages:

Knock off luxury goods have always been popular scams. You might think you are buying your mother a nice new purse for a great price. If you actually get the product, which is a bit of a long shot, you are likely to find that the quality you expected from the brand is lacking at best. Facebook is rife with pages promoting these goods. Somehow these pages remain long-lived even after user complaints. Once they finally are shut down there are already 8 duplicate pages running the same scam. Clearly there are some brands that just are not sitting on hundreds of photo albums on Facebook as their advertising platform. For example, Christian Louboutin, Louis Vuitton, Air Jordan and Beats By Dre.

2) Manipulated Accounts Recommendations:

On social networks those with less good motives have figured out how to game the recommendation system and use it to their advantage. This is very similar to how attackers have used search engine optimization to promote their malware. Friends are recommended in a variety of ways, but a simply exploited example is through shared apps. Spammer accounts sign up for the same popular apps that real users do and before too long they are showing up in your list of recommended friends, which snowballs nicely into giving them a foothold into the recommended list for each of your friends.

3) Affiliate Spam:

Affiliate spam is a bigger and bigger part of the typical users incoming stream. Usually relying on the images of established and trusted brands these scams tend to be very successful and take little work for those who run them. The hook is usually a free gift card or in some cases something as extravagant as a new iPad. They encourage or require the user to share it out to all their friends and say something like “I love olive garden” before being redirected to a never-ending series of offers in the form of premium text messaging, video rental and reoccurring subscriptions of all kinds that the user is required to sign up for to get the supposed “free” gift card. A run featuring a Starbucks gift card was successful enough that Starbucks corporate had to comment letting users know it was not legitimate.

4) Photo Tagging For Spam:

The Facebook infographic referenced above mentions “Photo DNA” but it is likely that this is little more than a database of hashes related to explicit and exploitative images. Photo tagging for spamming is one of the most popular methods of spamming through the network but it doesn’t seem to be getting much attention. With each image uploaded a spammer can tag as many 50 other accounts in a photo, and have as many as 200 photos in an album. With everyone in Facebook having a maximum of 5,000 friends each photo can reach a quarter million people. This leads to a fairly nice multiplier for bytes uploaded vs users reached, especially on a network that people spend as much time on as Facebook. Some basic image analysis will tell you if there are really 40 people in the picture or if it just a pair of Hello Kitty heels.

5) Fake Apps

Fake apps, malicious apps, misleading apps, whatever you want to call it, Facebook is overflowing with them. New examples show up daily, often focusing on giving users features that they wish Facebook would provide. After all, don’t we all want to know if that old flame still looks you up every few days. Or don’t we all wait for the launch of a ‘dislike’ button. It is a big network and these are going to exist from time to time anywhere, but it is becoming more like the shareware sites of the late 90s where most the programs were of low quality and a relatively high percentage of them posed a risk. Usually they are in the information gathering and spamming business, but we have found examples that link to malicious binaries.

6) Stolen Pictures

There is not really a set of sextuplets each with the same bikini picture as their personal profile picture. Those are fake accounts. The photo album that as the same two images-one of the front view of a bikini and the other with the back view of a different bikini-repeated 15 times each is not a real user. Certainly there are some images that will be common to multiple people such as a team logo or newly released album cover. However the fake accounts typically use images of a salacious nature. Sex sells, and these profiles do very well at gathering followers around a fake identity, only to occasionally slip an advertisement into the stream. Of course there is always the possibility that we’ve stumbled upon a set of identical sextuplets that would be very happy to reconnect…

7) Anomalous Behavior

Finally, Facebook and social networks in general should focus on some form of anomaly detection. We’ve all seen examples of that friend who you never really talk to, and probably weren’t that interested in “friending” anyway, posting on your wall or messaging your account encouraging you get a free iPad or a trip on Southwest airlines, etc. Similar problems have been appropriately mitigated elsewhere in messaging but social networks have a long way to go. In many ways we’re seeing the same problems that the security community has been dealing with for more than a decade. Instead of SMTP and a distributed network, more and more messaging is pushed over HTTP and closed networks that give the receiver little that they can do in the way of securing themselves. Looking for behavior that is an outlier to the normal pattern is a well understood approach in other areas of network and messaging security. If someone that never uses chat is suddenly chatting with dozens of people and forwarding the same link, then there is a high likelihood of suspicious activity.