Offtopic of the day: Viruses to permanently change social networking?
Every now and then you just stumble upon something that you just can’t keep your mouth shut, even though it would be completely inappropriate to talk about it in the current context. Don’t you? I know I do. So… Enter the random thoughts part of the blog.
I spent sizeable chunk of today entertaining myself via YouTube. Me being the geek that I am, the entertainment didn’t involve videos that would actually have some entertainment values, instead amongst others I watched F-Secure Labs videos, featuring Mikko Hyppönen. Pretty interesting stuff, like the retaliation function of Storm botnet or the Targeted attacks; Using SQL injection (or any other type of attack) just for data gathering purposes (just like recon in the army), to prepare for the actual attack, thus making it personalized and more effective. Which email would you rather open, a random mail with weird topic or a mail from your coworker, talking about the project that you are working on? It seems to me that computer viruses are evolving on accelerated pace.
At the moment these are just couple of targeted attacks, and even those were directed to companies, the masses are still getting the anonymous “Click here” -link treatment. However, there is certain what if scenario where data gathering and “AI” are meshed together, and this might change everything in social webspace. Permanently.
What If?
Lets take a trip to future, all the way to year 20xx. (Newsflash! I’m not actually an oracle so I can’t really tell when or if this will happen..) Now, think of ordinary a virus, designed to build botnets for criminal purposes. The virus would probably use it’s own botnet to spread itself, to serve the infected web pages or something completely different, and of course the virus would sport enough AI to recognize when it’s being analyzed, thus launching dDOS attack against analyzer. Just like Storm, so what?
Well, here comes the WHAT IF: What if the virus would sport enough “AI”/behaviour to automatically personate and target attacks on individuals? Just think of it. We all have considerate amounts of personal information on (insert any social networking service here), thus making the directed attacks possible. The information is just sitting there, waiting to be abused. (And I would think that for the career criminals, these are one of the prime sources for information when targeting companies) The email harvesting virus could just as easily go to Facebook, search with the email it just found and violá, the anonymous email just got person tied to it, making automatic personated attack with your own name possible. What if your profile is public? Then the virus would get all the information it needs, like the names of your friends. The email could be spoofed so that it looks like it’s coming from your friends, just look at the wall posts, who do you keep most in touch with. And again, you could harvest more information from there, like the topics you discuss of, given that the virus has enough “intelligence”.
Or you wouldn’t even need public profile/page/whatever, you just need to login to any social network from any infected computer and there you have it, your profile will be in the hands of the botnet, thus making you vunerable to targeted attacks. Now, if this should happen, I would say that the time of such open social networking, that we have been enjoying, is over.
Of course fully automated personalized attacks are still far away but the basic implementations of this kind of attack wouldn’t take too long to implement, just google the email, check couple of social networks and if it’s real, you would probably end up with the actual name or handle of the user.
Disclaimer: Now, of course I realize that mr. Hyppönen has his own agenda to advertize, he is after all one of the big names of computer security company. However, the targeted attacks, at least to my knowledge, are real and as such can’t be ruled out.
Targeted attacks by fslabs
E:VOLUTION (including Storm network retaliation) by fslabs
