Hackers using social networks as communications channel

The M-Trends report from Mandiant says that its researchers have seen a rise in the volume of advanced persistent threats that are hijacking legitimate social networks and web-based services, including Facebook, Google Chat and MSN, as command and control (C&C) networks for malware installations.

According to the report, social networks and web-based services, such as instant messaging, are being used to send instructions to malicious programs installed on victim networks.

Delving into Mandiant's report reveals that, whilst mass malware used by botnets and worms has employed similar techniques for many years, those techniques have only recently been used by hackers.

Examples identified during Mandiant's investigations have included a first-stage malware downloader that used Facebook messaging for C&C facilities, as well as backdoors that used MSN and Google Chat services for C&C communications.

Other examples, says the IT research firm, include backdoors that parse C&C instructions hidden in HTML comments within compromised web pages, and a data theft utility that automatically transmitted multi-part RAR files via webmail.

"In each of these cases, the attackers effectively camouflaged their remote access as normal SSL-encrypted traffic to popular Internet sites. These techniques were resilient to both packet inspection and netflow anomaly analysis", says the report.

"The data was SSL encrypted, protocol-compliant and transmitted to common endpoints", adds the study.

According to Mandiant, the impact to victims is clear: organisations cannot rely solely on standard network monitoring for rapid detection and response to threats.
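
One content-level check for the HTML-comment case mentioned above, which inspects page bodies rather than traffic metadata. This is an added example, not code from Mandiant's report or from this article; it assumes the hidden instructions appear as long base64-like runs, and the thresholds and sample page are constructed for illustration.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

# Assumed heuristics (not from the report): a run of 40+ base64-alphabet
# characters with Shannon entropy of at least 4.5 bits/char is worth review.
BLOB_RE = re.compile(r"[A-Za-z0-9+/=_-]{40,}")
MIN_ENTROPY = 4.5

def shannon_entropy(text):
    """Bits per character of the string's empirical distribution."""
    counts = Counter(text)
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in counts.values())

class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment with the line it starts on."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append((self.getpos()[0], data))

def suspicious_comments(html):
    """Return (line, blob) for comments holding long high-entropy runs."""
    collector = CommentCollector()
    collector.feed(html)
    collector.close()
    hits = []
    for line, comment in collector.comments:
        for blob in BLOB_RE.findall(comment):
            if shannon_entropy(blob) >= MIN_ENTROPY:
                hits.append((line, blob))
    return hits

# Constructed sample page: one ordinary comment, one carrying an opaque blob.
SAMPLE_PAGE = """<html><body>
<!-- navigation menu starts here, please keep the ordering -->
<p>Welcome to our site.</p>
<!-- q7Zp2LxV9aKd3RtY8wBn5HcJ0uMf4GsE1iOo6TyQzXvNbWlPe+/hDkCgUrAj -->
</body></html>"""

if __name__ == "__main__":
    for line, blob in suspicious_comments(SAMPLE_PAGE):
        print(f"line {line}: {len(blob)}-char encoded run in HTML comment")
```

Run against pages captured at a TLS-inspecting proxy or fetched from sites that internal hosts poll repeatedly; plain-language comments pass, while encoded runs are queued for analyst review.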
