Research Facebook App Recruits for Botnet

Posted by Keith McMillan

September 5, 2008

I’ve blogged in the past about botnets, and it should be pretty clear that they can be powerful entities for good or evil. With human nature being what it is, they’re mostly used for evil. As a botnet controller, I imagine it must be very seductive to look at a popular service such as Facebook and drool at the prospect of all those computers we could recruit. But how to infect them?

Researchers in Greece apparently thought the same thing, and they’ve produced a research application called Picture of the Day. This little app claims to display a different picture from National Geographic on your page, and it does that. Unfortunately, it also serves up software to turn your computer into a botnet zombie.

It didn’t take much to get people to install it, apparently. According to the report on Dark Reading:

“Interestingly, the researchers did not invite users via Facebook to download the application, but still managed to attract around 1,000 users who downloaded Facebot within the first few days it went live. They merely announced its availability to members of their research group and asked them to pass it to their colleagues. From there it apparently spread to other Facebook users.”

As a security-type person, this sort of thing really concerns me. I know that the average user isn’t really all that concerned about security until it bites them in the hinder. I can’t even get developers to be concerned about it most of the time! The spread of social networking sites creates a target-rich environment for the spread of just these sorts of compromises, and it’s not at all clear how to fix it.

