Facebook application employed in white-hat hack
Written by IT News on 2:48 PM
A group of researchers from the Foundation for Research & Technology Hellas, Institute of Computer Science, Greece, have demonstrated a threat that can be exploited through Facebook. The scientists created a simple application, called "Picture of the Day", which promised to show an impressive National Geographic picture each day.
The researchers were able to show what they had suspected from the start: that people are enthusiastic about each new gadget, allow themselves to be blinded by it and forget to take even minimal safeguards against threats. The same happened to the subjects of this experiment, who did not know that they were actually being tracked. When someone clicked on the picture, their computer became a bot in a network created by the researchers.
"We have placed special code in the application source code, so that each time a user looks at the photo, HTTP requests are generated in the direction of a victim host. In detail, the application embeds four hidden pictures with inline images hosted on the victim. Every time a user clicks inside the application, the inline images are taken from the victim, causing the victim to serve a request for 600 Kbytes, but the user is not aware of that fact (the photos are never shown)," the team explained in a recently issued report.
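From the victim's side, this traffic shows up as image requests from many unrelated client addresses that all name the same third-party page as their source. The following is an added example, not code from the researchers' report, that summarises such traffic from a web server access log; it assumes Combined Log Format and that browsers send a Referer header on the inline image fetches, and the host names, addresses, sizes and thresholds are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" "[^"]*"')
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def offsite_image_load(lines, own_hosts):
    """Per foreign Referer host: image hits, distinct client IPs, bytes served."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "bytes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith(IMAGE_EXT):
            continue
        ref_host = urlparse(m["referer"]).hostname
        if ref_host is None or ref_host in own_hosts:
            continue  # no Referer ("-") or a request from our own pages
        s = stats[ref_host]
        s["hits"] += 1
        s["ips"].add(m["ip"])
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
    return stats

def suspicious_referers(stats, min_ips, min_bytes):
    """Referer hosts pulling images via many clients and above a byte budget."""
    return sorted(h for h, s in stats.items()
                  if len(s["ips"]) >= min_ips and s["bytes"] >= min_bytes)

def make_line(ip, path, size, referer):
    return (f'{ip} - - [01/Jan/2008:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 {size} "{referer}" "Mozilla/5.0"')

# Constructed sample: three clients each fetch four 150 KB images (600 KB per
# click, as in the article) with a third-party Referer, plus two benign lines.
SAMPLE = [make_line(ip, f"/img/{n}.jpg", 150000, "http://apps.example/potd")
          for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5") for n in range(4)]
SAMPLE.append(make_line("192.0.2.99", "/img/logo.png", 2048, "http://www.victim.example/"))
SAMPLE.append(make_line("192.0.2.98", "/img/0.jpg", 150000, "-"))

if __name__ == "__main__":
    report = offsite_image_load(SAMPLE, {"www.victim.example"})
    print(suspicious_referers(report, min_ips=3, min_bytes=1_000_000))
```

The Referer header can be absent or suppressed, so a report like this is a detection aid for the victim host rather than a complete control.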
Even though the Greek scientists did not advertise the app they had created in any way, word of "Picture of the Day" made the rounds among their peers and then spread unexpectedly quickly. During the first day of the experiment, the machines of about 1000 unwary people from all over the world became bots.
"We have shown that applications that live within a social network can easily and quickly attract a large user-base (in the order of millions of users) that can be redirected to attack a victim's host. We experimentally determined the user-base to be distributed, and on a worldwide scale. Finally, we have shown that victims of a FaceBot attack may be the subject of an attack that will cause them to serve information in the size of gigabytes per day," the researchers said, underscoring that their attack had been virtually harmless, which would certainly not be the case in a real botnet offensive.