Facebook botnet risk revealed
Researchers have created a proof-of-concept application for Facebook that turned the machines of people who added the app to their Facebook page into elements of a botnet that in a demonstration launched denial-of-service attacks on a victim server.
"Social Network Web sites have the ideal properties to become attack platforms," according to a paper entitled "Antisocial Networks:Turning a Social Network into a Botnet," that was authored by five researchers from the Institute of Computer Science in Greece and one from the Institute for Infocomm Research in Singapore.
The demo application, called "Photo of the Day," displays a new photo from National Geographic every day. However, every time someone views the photo, the host computer is forced "to serve a request of 600 Kbytes," according to the paper.
Such a botnet could be used for other types of attacks, such as spreading malware, scanning computers for open ports, and overriding authentication mechanisms that are based on cookies, the paper warned.
The researchers suggested that Facebook and other social networks be careful in designing their platform and application programming interfaces (APIs) so that there are few interactions between the "social utilities they operate and the rest of the Internet."
In addition, the apps pose privacy risks as well because of the access they have to the data of the people who add the apps to their pages, the paper says.
Similar privacy and security concerns have been raised by others after previous third-party apps have been found to have security holes in Facebook.
Facebook representatives did not return e-mails seeking comment.
By Elinor Mills
No responsibility can be taken for the content of external internet sites.
Return to internet news headlines
View Internet News Archive