Crackdown on online service exploitation

Filed Under: SophosLabs

Whilst reading the paper yesterday morning an interesting article caught my eye. It suggested that the UK Government are considering imposing some form of ratings system on web sites in order to thwart offensive and malicious activity. From the interview published in the Daily Telegraph (online here), it is clear that the Culture Secretary, Andy Burnham, is concerned about the dangers children may face when browsing the web.

The thoughts expressed in the interview have angered many. The bulk of the comments that have been posted in response to the article are of a negative nature, seeing the move as an attack against free speech. This is to be expected - any attempt by Governments to monitor content or enforce regulations will immediately cause censorship arguments to flare up. But if we try to step aside from these issues for a moment, and think specifically about the current state of affairs with cybercrime, I do think there is some underlying value in trying to address some of the obvious problems that exist today. In this blog post I will consider just one of these problems - the abuse of online services we all use and trust.

The bulk of internet users are largely ignorant. Ignorant of the technology they are using, and ignorant of the threats that are out there. This is not meant as criticism - one of the great things about technology is that it empowers people to do things very easily. But this ignorance makes it easy for the bad guys to scam people, from stealing their credentials in phishing attacks to infecting their machine with malware.

Of course, the article is more concerned with preventing access to inappropriate content, not protecting users from malware. But the mention of defining "take down times" is something that is relevant to both. The sites that are so popular with users are the same sites that are being exploited by malware authors and scammers.

Back in January, I blogged about the abuse of social bookmarking services such as Digg [2]. Well, the practice has continued apace throughout the year. For example, poking through some of the links submitted ('Digged') this morning, a batch of links intended to infect victims with fake alert malware is quickly apparent. The lure in each is simple, just as with the social engineering in email-borne malware, as shown in the example below:

Anyone clicking on the link will go to a blog page providing a link to the movie content. After another redirection they end up at one of the familiar porntube sites we have talked about before (see for example here).

This simple example perfectly illustrates one of the problems we currently have - the ease with which trusted services can be exploited. In the example, Digg and Blogspot have been abused, but they are not to be singled out. In reality a whole host of other similar services are being exploited in the same way.

The issue of take down (where upon notification, such services remove content rapidly) has become very important. But this is still reactive - users will still have been exposed to the threat. Should we not investigate methods of preventing the malicious content being uploaded in the first place? In many cases, the individuals posting the content are "new" to that service - of unknown reputation if you like. Our friend yetfaer who made the Digg posting above would certainly trigger even the most basic heuristics:

Similarly, the profiles of the posters of scores of pornographic content uploaded to popular video-sharing sites are suggestive of poor reputation. It should be trivial to reject (or classify appropriately) certain postings immediately, rather than exposing users to malicious or inappropriate content and relying on user complaints/reports before the appropriate classification is made.
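As an added illustration (not code from the original post or from any of the services mentioned), the sketch below shows the kind of basic pre-publication heuristic described above: a submission is scored on the poster's track record before it is listed. The signals, weights, thresholds and sample accounts are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Assumed values for illustration; a real service would tune them on its own data.
NEW_ACCOUNT = timedelta(days=7)
FREE_HOSTS = ("blogspot.com",)   # free blog hosting of the kind named in the post
BATCH = 3                        # links from one account within the last hour

@dataclass
class Submitter:
    created: datetime
    accepted: int   # earlier posts that survived moderation
    removed: int    # earlier posts that were taken down

def on_free_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    # Match the domain itself or a subdomain, not lookalikes such as "notblogspot.com".
    return any(host == h or host.endswith("." + h) for h in FREE_HOSTS)

def risk_score(user: Submitter, url: str, when: datetime, recent: int) -> int:
    score = 0
    if when - user.created < NEW_ACCOUNT:
        score += 2              # account is new to the service
    if user.accepted == 0:
        score += 2              # no track record at all
    if user.removed > user.accepted:
        score += 3              # history is mostly takedowns
    if on_free_host(url):
        score += 1              # link lands on throwaway hosting
    if recent >= BATCH:
        score += 2              # part of a batch of submissions
    return score

def triage(user: Submitter, url: str, when: datetime, recent: int = 0) -> str:
    """Decide before publication, instead of waiting for user reports."""
    score = risk_score(user, url, when, recent)
    if score >= 5:
        return "hold"           # keep out of public listings until reviewed
    if score >= 3:
        return "flag"           # publish, but queue for a moderator
    return "publish"

# Constructed sample accounts and links (not taken from the post).
NOW = datetime(2024, 1, 10, 9, 0)
fresh = Submitter(created=NOW - timedelta(hours=5), accepted=0, removed=0)
regular = Submitter(created=NOW - timedelta(days=400), accepted=50, removed=1)
print(triage(fresh, "http://constructed-sample.blogspot.com/", NOW, recent=4))
print(triage(regular, "https://www.example.org/article", NOW))
```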

Rather than blanket enforcement of age categories, I would like to see more pressure on the providers of popular online services (video, blog, image and file sharing sites etc) to come up with more innovative ways of proactively blocking malicious or inappropriate content.


About the author

Fraser is one of the Principal Virus Researchers in SophosLabs. He has been working for Sophos since 2006, and his main interest is in web related threats.