Cyber-criminals Abusing Social-Networking Websites For C&C Operations; Mandiant

According to one particular Washington DC-based security company namely Mandiant, which just released a report called "M-Trends," sophisticated hackers, to carry out targeted assaults that can be described as advanced relentless attacks too, are abusing social-networking websites for installing malicious software on users' systems.

States the report that the Mandiant researchers have observed advanced relentless attacks to grow in volume, which are compromising web-based services and genuine social networks, including MSN, Google Chat and Facebook, to use them as C&C (command-and-control) networks with which to install malware. Specifically, these web-based services and social networks are being utilized for directing malicious programs what they should do after they've been loaded onto victims' systems.

Moreover, perusing Mandiant's report, it becomes evident that while bulk malicious codes that botnets and PC viruses use have been applying the same tactics over many years, they've just lately started serving as hackers' tools.

To cite instances, Mandiant reports a first-stage installer of malicious software which abused Facebook messaging to create command-and-control services, and backdoor Trojans, which abused Google Chat and MSN to facilitate C&C communications.

More instances that the report outlines are backdoor Trojans, which parsed as well as issued command-and-control instructions, which were implanted into HTML messages on hijacked websites, like somebody's blog, and a malware program, which captured information from the PC that was hijacked, for transmitting data through Hotmail.

Attackers, in all these instances, made their remote operations appear as normal SSL traffic that were encrypted for reputed websites, Consequently, tools for analyzing netflow anomalies and inspection of packets could hardly distinguish between the malevolent and harmless activities.

Eventually, the report suggests organizations to deploy additional software which would spot compromises, such as network and host based Intrusion Detection Systems (IDS), along with systems that'd perform event-logging more thoroughly. Moreover, any organization, which feels it's a victim of targeted assault, must consciously reply to the threat instead of reacting instantly for halting the infection as also restoring hijacked accounts. That's because perceiving a malevolent assault's total dimensions enables easier recovery, whereas making a hurried response may result in the non-detection of several hijacked assets, Mandiant explains.

Related article: Cyber Child abuser Sentenced To Imprisonment

» SPAMfighter News - 2/4/2011