David Wood Microsoft
download slides (PDF)
Over time, users have regularly been provided with new methods of communicating online with their social contacts, and malware creators have never been far behind in utilizing these same methods to spread their malicious payloads. While mass emailing worms were once highly prevalent, we have since seen malware graduate to spread via instant messaging, and later via social networking sites as users adopted these technologies. We are now beginning to see malware attempting to use programs such as Skype and Twitter to spread amongst the user community.
This paper investigates malware families that use Skype, Twitter and other such technologies to spread, and which also take advantage of them for other elements of their payload such as for command and control, or for information stealing. We look at the methods the malware uses to interact with these applications and their protocols in order to achieve these aims. We also examine social engineering techniques used by the malware, as well as methods used to attempt to avoid detection by security products, or to otherwise prevent removal from affected systems.