Search engine malware more than doubled in 2010 and the crime rate on Twitter increased 20%, as cybercriminals continue to sharpen their focus and aim attacks at social networking services, according to a new report from Barracuda Networks.
A 2010 study of search engine malware over a 153-day period found that 1 in 5 search topics are connected to malware. The study was highlighted in the Barracuda Labs 2010 Annual Security Report, which found more than 34,000 malware samples over the monitoring period.
Google served up the lion's share of malware-poisoned results (38%), followed by Yahoo (30%) and Microsoft's search engine, Bing (24%), during the testing period. Barracuda said its study found malware writers distributing the malicious code more evenly among the search engines. Google began making strides last year, combing through millions of webpages to reduce search engine malware. While Google served up 69% of malware last June, that number decreased 45% by the end of the year.
For example, when LeBron James left Cleveland to play for the Miami Heat in July, trending links on the first page of Google contained rogue antivirus in the first five results, said Daniel Peck, a research scientist who has been studying search engine poisoning and cybercrime on social networks. "If you get there, it's a pretty good chance you're going to be successful," Peck said.
In addition, Barracuda found popular social network site Twitter serving up 8% of malware during the study, evidence that attackers are continually trying to game the system by spreading malware-laden links before Twitter's antimalware engines can detect a problem. In a presentation at the SecTor security conference in Toronto last year, Fabrice Jaubert of the Google antimalware team said the company continually deploys more technology and people into the process of weeding out malware, but called it a typical cat-and-mouse game, in which savvy cybercriminals find ways to avoid detection.
Barracuda has been analyzing 26 million Twitter accounts for more than two years, and is finding a steady rise in malicious content, Peck said.
Twitter is becoming a victim of its own success, he said. As users become more active, malicious activity also increases, he said. In 2010, the Twitter crime rate (the number of suspended accounts) increased 20%, from 1.6% in the first half of the year to 2% in the second half.
"If you're just randomly searching for a trending topic, your chances of getting malware are significantly increased on Twitter," Peck said, adding that attackers are using many of the same techniques they use on search engine poisoning campaigns.
In addition to shortened URLs, Barracuda cited hijacked accounts as another concern, along with attackers' ability to use automated tools to quickly set up fraudulent accounts and spam Twitter users based on their tweets. Attackers used the NeoSploit exploit kit, redirecting users with shortened URLs to poisoned websites. Many of the sites served up rogue antivirus, Barracuda said.
Twitter has been making strides with security, Peck said. The social network had admitted to the Federal Trade Commission that serious security lapses resulted in the hijacking of many high-profile accounts.
The social networking service agreed to periodic third-party reviews of its security program over the next decade. Since then the service has deployed malware analysis engines and is fairly quick to suspend suspicious accounts, Peck said. In September, Twitter began forcing third-party applications using its APIs to use OAuth, a more secure protocol that uses tokens to better protect usernames and passwords, preventing the potential for account hijacking.
"It's kind of like giving someone the ability to enter your house as needed without giving them your full set of keys," said Paul Judge, chief research officer of Campbell, Calif.-based Barracuda Networks Inc.
Judge said the increased security is welcome, but a lot of Twitter accounts are still tied to weak passwords. Some cybercriminals are just guessing the passwords, Judge said. People are also using passwords that they share across different accounts. A few days after the account credentials of as many as 1.3 million users of Gawker websites were stolen by cybercriminals in December, a large number of Twitter accounts were hijacked, Judge said.
Judge said password management is getting better, but password managers need better integration with operating systems and browsers to get the human element out of remembering passwords. Peck said two-factor authentication, which is being rolled out with some Google products, could eventually find its way into some social networks.