Facebook, Android Increasingly Under Attack: AVG Q1 Security Threat Report

Internet and mobile security company AVG Technologies has observed a jump in attacks targeting Facebook and Android, unsurprisingly both platforms with a user base that continues to rapidly grow all over the world.

In its just released “AVG Community Powered Threat Report”, the company posits that the first quarter of this year saw a major jump in malicious campaigns on Facebook, which have increased threefold in the last 12 months.

The company also noted a notable increase in risk for smartphone users, and the Android platform in particular. AVG says the open source nature of the OS as well as the “open-garden approach” in allowing users to install software on their phones opens the door for hackers to write malicious code. The fragmentation of the Android platform also doesn’t help, AVG adds.

During Q1 2011, AVG marked 0.20% of downloaded Android apps as malicious.

Going back to Facebook, AVG Technologies notes in its report:

Facebook’s popularity has its price. Cyber criminals naturally tend to target the most popular applications or services used by the majority of Internet users, in the case of Facebook it can reach out to a huge amount of people. Social networks have become a haven for cyber criminals. The built-in trust among “friends” on social networks makes it easier for a cyber criminal to deploy successful attacks against these users.

AVG data shows that approximately 42% of the detected malware on the social network is related to Facebook applications.

According to the report, Facebook users are increasingly being lured to go through multiple ‘surveys’ in order to watch some promised seedy video or picture. Often, one of the survey pages includes click-jacking or so-called like-jacking, where the victim is asked to press a button, but although it’s not visible to the viewer, the attack page has placed a transparent GIF over the top of the button, so that instead of the button getting the click, the GIF gets it.

The GIF then runs a script to tell all their Facebook friends that he or she “likes” a video or image, and that they should check it out. Thus, the malicious campaigns take advantage of the viral nature of Facebook to spread.

Last year, AVG spotted an average of one such campaign per week, usually running on weekends, and usually netting 200,000 to 300,000 victims, but this has now apparently accelerated to a fresh campaign every other day or so.

The report is based on traffic and data from AVG’s Community Protection Network, which the company bills as an ‘online neighborhood watch’, followed by research performed by the security software maker, over a three-month period.

AVG notes that during this period, attacks using Blackhole Exploit Kits, attack toolkits that exploit several vulnerabilities to execute arbitrary code, are clearly on the rise. During one week in February 2011, the company observed a jump in Blackhole attacks from a few hundred per day to a whopping 800,000 in a single day.

Also worth noting: AVG says bit.ly is the URL shortening service most often exploited to spread spam messages. Popularity indeed seems to have its price.

According to AVG, the United States is still the dominant source of spam, followed by the UK, with Brazil a clear runner up. English remains the main language used in spam messages.