Facebook Application Turns Machines into Bots

							5 September 2008        By: Denisa Ilascu, Internet / SEO News Editor
                        Facebook Application Turns Machines into Bots
                        Greek researchers prove how applications can be employed in hacks
                        A group of researchers from the Foundation for Research & Technology Hellas, the Institute
                        of Computer Science Greece, has demonstrated the threats that can be employed via
                        Facebook applications. The scientists created a simple application, called "Picture of the
"Picture of the Day"    Day," which promised to display one impressive National Geographic picture a day. 
Facebook application
employed in white-hat   The scientists managed to prove what they had been suspecting from the beginning - that
hack                    people are enthusiastic about any new gadget, allowing themselves to be blinded by it, and
bryanwolski
                        forgetting about taking at least minimal protection measures against threats. The same also
                        happened to the subjects of this particular experiment - who didn't know that they were in
                        fact tracked. Whenever someone clicked on the image, their computer became a bot in a
                        network created by the researchers. "We have placed special code in the
                        application's source code, so that every time a user views the photo, HTTP requests are
                        generated towards a victim host. More precisely, the application embeds four hidden frames
                        with inline images hosted at the victim. Each time the user clicks inside the application, the
                        inline images are fetched from the victim, causing the victim to serve a request of 600
                        Kbytes, but the user is not aware of that fact (the images are never displayed)." the team
                        explained in a report recently issued. Although the Greek researchers did not
                        advertise in any way the app they had created, rumors about "Picture of the Day" made the
                        rounds among their colleagues, and then spread unexpectedly fast. In the first few days of
                        the experiment, the machines of approximately 1,000 unwary people from all over the world
                        became bots. "We have shown that applications that live inside a social network can
                        easily and very quickly attract a large user-base (in the order of millions of users) that can
                        be redirected to attack a victim host. We experimentally determined the user-base to be
                        highly distributed, and of a world-wide scale. Finally, we have shown that the victim of a
                        FaceBot attack may be subject to an attack that will cause it to serve data of the magnitude
                        of GigaBytes per day." the researchers said, underscoring that their attack had been
                        virtually harmless, which is certainly not the case with a real botnet offensive.




                                                                                  Page 1
                 Copyright (c) 2001-2013 Softpedia. All rights reserved. Softpedia™ and Softpedia™ logo are registered trademarks of SoftNews NET SRL.