Social ThreatsSocial ThreatsH F il W AHow Fragile We Are

George Lucian Petre, Product Manager for Social Media Security

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 2

The Social Ecosystem

‐ Over 800 millions Facebook users‐ Over 200 millions Twitter users‐ Over 7 million Facebook ApplicationsOver 7 million Facebook Applications‐ Over 1 million Twitter Applications

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 3

2010 and 2011 saw2010 and 2011 saw2010 and 2011 saw Social Media Security as a “trending” topic

2010 and 2011 saw Social Media Security as a “trending” topic

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 4

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 5

A Picture is Worth a Thousand Words

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 6

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 7

Social Game Scams

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 8

“Beauty” Scams

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 9

Who’s Stalking You?

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 10

Likejacking

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 11

Social Scams as Biggest Mobile Threat

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 12

Scams Migrate to Twitter

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 13

Tagjacking

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 14

Complex Scam Mechanisms

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 15

Commentjacking

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 16

Get Followers, Fans and Spam, p

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 17

Chat Roulette – How Social are Our Children Online?

15 16

14

17

1919Really?

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 18

16

How Effective is a Facebook Scam?

14 unique Facebook Apps 286 unique urlsq pp q

1,411,743 clicks 35 hours traffic spike

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 19

July 2011 – Firesheep Lives OnTop pages still lacking ssl s pportTop pages still lacking ssl support

Page Name Number of Fans

Youtube 41,671,833

Coca Cola 32,297,560

Justin Bieber 32,982,053

Th Si 31 949 681The Simpsons 31,949,681

Cristiano Ronaldo 30,941,973

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 20

Why are Social Threats so BIG?

Scammers’Cloud

1 click/touch

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 21

Have we learnt anything from our experience ith the Windo s Platform?with the Windows Platform?

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 22

Unique Samples (2000 – 2010)

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 23

The Social Media Vicious Circle

Numerous third partyPowerful API third party 

appsPowerful API

The Social Media Security Vicious Circle

Huge popularity of 

social

Third party Security A ?

Vicious Circle

social platforms

Countless

Apps? 

Countless users 

attracted by  malware creators

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 24

Bitdefender Safego is the solution we developed as a response to the t f th tnew type of e-threats.

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 25

Security Solutions’ Actions vs Social Media APIs

F b k• Facebook:

•Facebook•Blocking alerts•Notify user•Twitter•Blocking alerts•Notify user

• Wall• Private Messages• Chat• External likes

• Twitter• Twitter• Timeline• Private Messages• User profile• Other Apps

Detection Warnpp

DisinfectBlock/Filter

•Facebook•Twitter

•Facebook•Twitter

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 26

Restricted API for Security Solutions

TransparencyTransparency

ProxyProxyPrivacyPrivacy

Security API

Security APIAPIAPI

Blocking Al t

Blocking Al tValidationValidation AlertsAlerts

Parental Parental control policiescontrol policies

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 27

What would be the standards applicable to a third Part Sec rit API ?third Party Security API ?

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 28

THANK YOU!glpetre@bitdefender comglpetre@bitdefender.com

@glpetre

Copyright@bitdefender 2011 / www.bitdefender.com 10/13/2011 • 29