Sophos Cloud Optix
A few weeks ago I was chatting with a colleague about the ways in which social bookmarking sites are abused. Over the past few years there has been growth in both the number of such services available, and their usage. The fact is that Web traffic is money nowadays. Common ways of guiding that traffic are:
- SEO techniques: packing a site with keywords in order to rank highly in search engine results (see previous blog posts [1,2])
- Compromising sites: modifying the content of other legitimate pages such that the desired content is silently loaded. (Most commonly used for delivering malware [3].)
- Spam: sending spam email messages containing a URL link, or posting the URL as comment spam to other online services (blogs, forums etc).
- Malware: once malicious code is running on a victim machine there are numerous ways in which web content can be directly or indirectly loaded (including DNS owning, as with recent Zlobs [4]).
This is where social bookmarking sites fit in. The web is a big place and time is increasingly short – services that collate, prioritize and present a digest of articles (the core role of a social bookmarking site) help us to sort the wheat from the chaff. The main advantage of such services is that it is us, the humans, that have control. How?
We have the ability to rate articles and affect their position within the digest provided from that service. In an ‘honest’ system, content that is popular and highly rated will float to the top, uninteresting poorly rated content will rarely waste your time.
But it is not an honest world. Such systems are easily abused by the unscrupulous out there. I am sure many of the services make attempts to prevent the abuse, but it is non-trivial.
How about creation of the target site? Easy. Simply use a free domain registration service or more easily one of the online blogging services, and you can have a site running in minutes. Add your content (be it advertising, malicious or whatever) and you are away.
Whilst writing this blog post I have been monitoring the submissions to one such bookmarking service in the hope of finding an example case. Did not have to watch for long!
Clicking on any of the links takes you to a meds site (via a redirect):
Our friend ‘missqimmat’ has been a busy blogger. Here are some of his other blog titles:
- butt cleavage
- brooke burke playboy
- board imdb message
- cause global warming
- brooke burke pics
- brooke burke hot
- awareness2007 global warming
- database imdb internet movie
- hero imdb
- cleavage hot
- cleavage toe
- brooke burke nude
- al global gore warming
- article global warming
- effects global warming
- imdb movie
- cleavage sexy
- cleavage teen
- brooke burke naked
- cleavage leg
- bikini imdb summer
- fact global warming
- comment imdb user
Clearly not alone either. Take a look at one of his comrades ‘kechquruuna’. An equally attractive range of titles:
- tattoo tiger
- lily tiger
- tornado foosball
- tornado fuel saver
- conference irwin news terri
- tornado form
- irwin king larry terri
- irwin jay leno terri video
- tornado siren
- auburn tiger
- tiger wife wood
- tornado season
- lsu tiger
- tiger tyson
- tornado information
Each of which provide a list of enticing links which take you to a meds site (via the same redirect site).
So, this is just one example of how the combination of some of the great online services we know and love present the bad guys with even more tools to clobber us. From research thus far, the bulk of the abuse I see is ‘spammy’ (porn, meds) and traffic (ad revenue) focussed, not for the installation of malware. But I predict that will change, in the not too distant future.