Researchers warn of Facebook malware

Sites such as Facebook could soon become DoS launch pads

A group of Greek security researchers has created a tool to turn Facebook into an attack platform.

The researchers are from the Institute of Computer Science at the Foundation for Research & Technology Hellas, along with a researcher from Singapore's Institute for Infocomm Research.

In a paper entitled Antisocial Networks (PDF) the researchers demonstrated an application that causes Facebook users to unknowingly participate in denial-of-service (DoS) attacks against other sites.

The 'Facebot' tool was disguised as a National Geographic 'picture of the day' application which users install into their Facebook profile page, thus allowing it to access account information and request new photos.

When users access the application to view a new photo, they unwittingly become internet attackers.

Along with the request for a new photo, Facebot sends a series of HTTP requests to an outside target. The multiple requests for each user ultimately add up to 600KB worth of data per click.

With enough users subscribing to the application, Facebook could become the launch pad for major DoS attacks.

Because the applications can be disguised as non-threatening items, users could unwittingly participate in a large-scale attacks.

The researchers noted that Facebot exists only as a proof-of-concept, and that there are no known instances of such a tool being used in the wild. However, they believe that the risk is still very real.

Facebot does not exploit a single vulnerability in Facebook, but instead builds on the core components of social networking services, such as large user bases and open platforms for the exchange of code and content.

"Social networks have some intrinsic properties that make them ideal to be exploited by an adversary," the researchers said in the report.

"All these characteristics give adversaries the opportunity to manipulate massive crowds of internet users and force them to commit antisocial acts against the rest of the internet without their knowledge."