Cybercrime '09: Too late to save Facebook?
CSO - A warning to those who love such social media sites as Facebook: The bad guys are coming for you.
A slew of security vendor reports on risks to expect in 2009 point to Facebook, MySpace.com and other such sites as increasingly tempting targets for hackers looking to dupe people out of their sensitive information. Portable Document Format and Flash files, once considered safe, are now a threat as well.
The findings on Flash and PDF are presented in a report released on Tuesday from security products firm Finjan Inc. The research finds that cybercriminals are increasingly using PDF and Flash files as vehicles for distributing their malicious code and for infecting end-user PCs.
The "Web Security Trends Report Q4 2008," released by Finjan's Malicious Code Research Center (MCRC), notes that criminals take advantage of functionality in Flash ActionScript that enables a Flash file to interact with the DOM of the Web page hosting it. They embed their malicious code in Flash files and dynamically inject it into the hosting DOM to exploit a browser vulnerability and install a Trojan horse, said Finjan officials. Although Flash supports functionality to prevent such interactions, many site owners are not using it, according to Yuval Ben-Itzhak, chief technology officer of Finjan.
The report states that large advertising networks serving Flash-based banner ads did not prevent their ads from interacting with the hosting Web page. This lack of configuration by ad networks, which leaves the served Flash-based ad's ActionScript free to interact with the DOM, has become a new vector for cybercriminals to serve their malicious code undetected.
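The article does not name the setting involved; in Flash Player embed markup it is the `allowScriptAccess` parameter. The following is an added example (not from Finjan's report or the original article) that audits a page's Flash embeds for that parameter; the sample markup and the `ads.example` URLs are constructed.

```python
from html.parser import HTMLParser

# Verdict per allowScriptAccess value (compared case-insensitively).
VERDICTS = {
    "always": "EXPOSED",          # a SWF from any origin may script the page
    "samedomain": "SAME-DOMAIN",  # only a SWF served from the page's own domain
    "never": "BLOCKED",           # the SWF cannot call into the page
}

def is_swf(url):
    return url.lower().split("?")[0].endswith(".swf")

class FlashEmbedAudit(HTMLParser):
    """Collect (tag, swf_url, verdict) for every Flash embed in a page."""
    def __init__(self):
        super().__init__()
        self.findings = []
        self._objects = []  # stack of open <object> records

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if tag == "object":
            self._objects.append({"src": a.get("data", ""), "policy": None})
        elif tag == "param" and self._objects:
            name = a.get("name", "").lower()
            if name == "movie":
                self._objects[-1]["src"] = a.get("value", "")
            elif name == "allowscriptaccess":
                self._objects[-1]["policy"] = a.get("value", "")
        elif tag == "embed" and is_swf(a.get("src", "")):
            self._record("embed", a["src"], a.get("allowscriptaccess"))

    def handle_endtag(self, tag):
        if tag == "object" and self._objects:
            o = self._objects.pop()
            if is_swf(o["src"]):
                self._record("object", o["src"], o["policy"])

    def _record(self, tag, src, policy):
        # Missing or unrecognised value: the player's default applies, so
        # report UNSET and let a reviewer decide.
        verdict = VERDICTS.get((policy or "").strip().lower(), "UNSET")
        self.findings.append((tag, src, verdict))

def audit(html):
    parser = FlashEmbedAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Both the `<object>` and a nested `<embed>` are reported separately because browsers may use either one, so the restriction has to be set on both.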
"Using rich-content applications such as Flash files to distribute malicious code has become the latest trend in cybercrime," said Ben-Itzhak. "Having the widespread distribution and the popularity of Flash-based ads on the Web, their binary file format enables cybercriminals to hide their malicious code and later exploit end-user browsers to install malware."
Finjan's report also predicts that cybercrime will continue to rise as an increasing number of unemployed IT professionals join in and that criminals will continue to use Web 2.0 as a portal for scams.
Sophos PLC also published its Security Threat Report 2009 on Tuesday. The research reveals that more malware is hosted on U.S. Web sites and more spam is relayed from computers in the U.S. than from any other country. In fact, the November shutdown of McColo Corp., a U.S. Web hosting firm that was accused of collaborating with spammers and hackers, caused a 75% drop in spam, noted Graham Cluley, senior technology consultant at Sophos.
"Not only is the United States relaying the most spam because too many of its computers have been compromised and are under the control of hackers, but it's also carrying the most malicious Web pages," said Cluley in a statement. "We would like to see the States making less of an impact on the charts in the coming year. American computers, whether knowingly or not, are making a disturbingly large contribution to the problems of viruses and spam affecting all of us today."
Reprinted with permission from
Story Copyright CXO Media Inc., 2006. All rights reserved.

