Thursday, March 4, 2010

Tool Automates Targeted Attacks On Social Network Users

Via DarkReading.com -

A researcher here today unleashed a free tool that impersonates a Twitter user's account in order to execute automated targeted attacks on his or her followers.

Pedro Varangot, a security researcher with Core Security Labs, says the group wrote the tool to demonstrate, and test for, how social networks can be used for spear phishing. The initial version executes attacks on Twitter, but Varangot says it can be extended to work against Facebook and other social networks. The tool is based on Core's Exomind, an experimental Python-based framework written to test social network, search engine, and instant messaging attacks.

"We think spear phishing attacks are going to go [beyond] email because people aren't trusting email [as much] anymore," Varangot says. Social networks are already becoming a popular attack vector for spammers and worm attacks, and make an attractive target for spear phishing as well.

Varangot says the goal is to provide organizations with a tool for social networking security training, penetration testing, or just to show how these attacks could work. "The real value is making people think like attackers if they want to prevent real attacks. This lets you assess risk in a realistic way," he says. "A lot of people are talking about the problem of social networks and security, and we wanted to give them a solution."

He says he and his team at Core believe attackers eventually will build this type of tool as a way to leverage social networks for targeted attacks.
