Online Social Networks (OSNs) have revolutionized the internet and social interactions by giving birth to e-societies. Being chain networks, OSN’s expose a wide attack surface for attackers to trigger infections, affecting a large set of users. This talk sheds light on the model of Socioware, a termed coined to represent social malware. The model of analysis used in this talk covers different sets of malware classes and attack techniques that are used by attackers to infect OSNs.
During the analysis of Socioware, this talk unveils the use of spreaders, classes of malware that are used to inject malicious messages into communication software, and loaders, features in a bot that recursively load malicious programs and plugins onto the infected machine, and how they are used in Socioware. This talk goes over several demonstrations and real-world examples that cover how OSNs such as Facebook, Twitter, etc. are hijacked and infected. Finally, the talk will conclude with effective defense tactics that OSNs can implement to reduce Socioware. We will discuss reverse engineered code snippets of different bots to backup our concepts on socioware.
- Details of Malware Exploiting Social Networks
- Protecting Yourself from Social Network Malware
- Shortcomings in the Design of Social Networks
About Aditya K Sood
Aditya K. Sood is a Senior Security Consultant at IOActive and a PhD candidate at Michigan State University. He already has worked in the security domain for Armorize, COSEINC and KPMG. His interests include penetration testing, web app security, and malware analysis. He has been an active speaker at industry conferences like DEFCON, HackInTheBox, LayerOne, Source, RSA , BruCon, ToorCon, HackerHalted, TRISC , EuSecwest, XCON, Troopers, OWASP AppSec, US-CERT GFIRST, and many others. He has authored several papers for various magazines including IEEE, Elsevier, Crosstalk, Virus Bulletin, ISACA, ISSA, and HITB.