HEAT Security Blog

Tiger Blood, Adonis DNA, Malware … Oh My!

As sure as night follows day, malware follows the meme. And the latest meme, apparently, is all Charlie Sheen, all the time.

I don’t watch much TV (read: none), and don’t read many celebrity gossip blogs (read: none), but even *I* am painfully aware of Charlie Sheen’s seemingly whacked-out 20/20 special and the sundry other interviews. As David Bauder from AP put it, these “interviews were a brilliant piece of performance art or evidence he’s off his rocker, or some combination of the two. He probably set a record for inserting more catchphrases into the public lexicon in the shortest amount of time.”

Inevitably, this spawned a slew of hot topic spin-offs, including:

  • A myriad of new drinks, such as the Charlie Sheeni Martini, the imaginatively named Charlie Sheen (“two and a half” parts Coca-Cola and Catdaddy Carolina Moonshine, an artisanal moonshine) found at the Ninth Ward in NYC, the Tigers Blood with a dash of Adonis DNA at the Moroccan restaurant Fifty Five in NYC, the Two and a Half Phenphen from the Crowne Plaza in White Plains, and many more.
  • SiriusXM has announced the creation of “Tiger Blood Radio,” a 24-hour limited-run channel that will explore the breaking news, facts, fallout and career implications of the Charlie Sheen controversy.
  • A whole new Twitter explosion around his antics, including his hashtag #charliesheen and a host of imitators / remoras like: #CharIieeSheen, #_CharlieSheen, #TeamSheen, #SheenoIogy, #tigerblood, #winning, #dealwithit and so forth.
  • And a host of companies jumping on board, hoping to capitalize on this meltdown, whatever it is.

As soon as I became aware of the explosion in interest around Charlie Sheen, I muttered to myself that it was only a matter of days before my spam filter was catching all sorts of “great” offers to watch “Newly revealed Charlie Sheen sex tapes” or “Ha Ha, Charlie Sheen is Crazy” or some such. And of course this too came to pass.

Chester Wisniewski at Sophos was the first (that I’m aware of) to report that Charlie Sheen’s wacky behavior is being exploited by a Facebook attack. Basically, you’re offered a video which installs an app, pops up a survey scam, and then spams your friends. If anyone you know has been caught up in this scam, they can remove the app (see here to learn how) and the only loss is their reputation – which is better than some of the other scams floating around Facebook, like this phishing / malware combo for instance. In fact, my feed is chock-a-block with stories about Facebook scams, to the point where I wonder why / how these continue to spread. The answer is, of course, that Facebook is built around a trust model – call it the transitive theory of trust: I trust you, you trust her, so I’m likely to trust her too.

But trust is an ethereal thing – it has degrees and layers that are tenuous and easily broken – and must be used wisely, as Lucius Lobo writes in this interesting post. And so I’m unlikely to bestow this trust blindly, wildly, and on anyone who happens to fall within the six degrees of separation. No, I will only trust those who are carefully vetted, those who’ve proven worthy of trust. In other words, I do not throw out a wide net and then cull, but rather select carefully and monitor. And I assign “trust levels” – the inner circle, the secondary acquaintances, the tertiary orbit – and assess based on the situation. As the old joke goes, friends help you move but good friends help you move the body.

Now, before you think I’m going all mushy on you, let’s bring this back to Infosec. Specifically, how do you use social media like Facebook and Twitter (yup, lotsa scams floating around there too) without catching some sort of SMTD (Social Media Transmitted Disease)?

  • Trust Boundaries. We all learned about boundaries in kindergarten – and this is a good place to apply that lesson. To cadge a little from Lucius Lobo, we need to learn to apply trust wisely, to understand the risks of trust and be prepared to deal with the consequences of getting it wrong, and to use common sense. Put another way, I love and trust my aunt, but I don’t open the files she sends me. Apply those boundaries.
  • Change Browser. As we’ve discussed before, get rid of MS Internet Explorer 6 for heaven’s sake! Even Microsoft is begging you to do so. I mean, the Release Candidate of IE 9 is now available – there really is no reason to be on such an outdated browser. And you might take this opportunity to explore other modern browsers, like those from Mozilla (Firefox 3 is quickly nearing IE usage numbers, while Firefox 4 is now in beta) or Google (Chrome is continuously updated, and has a nice sandbox capability).
  • Use Add-ons. Which brings us to browser plug-ins: it seems most folks have no problem customizing their iPod or modifying their car, but they leave their browsers in an “out-of-the-box” state. We’ve mentioned many times that using NoScript on Firefox goes a long way toward protecting you from web-borne malware, including malware propagated via social media sites like Facebook or Twitter. In addition, I suggest you consider using a URL expander to understand whether that bit.ly or goo.gl or TinyURL link included in the post or tweet will take you to <rusgirlsxxxyyy.ru> (huh?) or <news.yahoo.com> (probably better).

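Here is what a URL expander actually does under the hood, as an added example written for this post (not HEAT’s tooling, and not any particular expander service): it walks the shortener’s redirect chain with HEAD requests only, never downloading a page body, and then checks the final host against an allow-list. The `short.example` links, the redirect table and the `TRUSTED_HOSTS` list are constructed for the demo; `live_fetch_location` is the real network resolver and is the only piece that touches the network.

```python
import http.client
from urllib.parse import urlparse, urljoin

MAX_HOPS = 10
TRUSTED_HOSTS = {"news.yahoo.com"}  # assumption: your own allow-list of known-good hosts


def live_fetch_location(url):
    """One HEAD request; return the Location header on a 3xx, else None.
    No body is fetched, so a booby-trapped landing page never renders."""
    p = urlparse(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=5)
    try:
        path = (p.path or "/") + ("?" + p.query if p.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.getheader("Location") if 300 <= resp.status < 400 else None
    finally:
        conn.close()


def expand(url, fetch_location, max_hops=MAX_HOPS):
    """Follow Location headers hop by hop; return (final_url, chain).
    Raises ValueError on a redirect loop or on more than max_hops hops."""
    chain, seen = [url], {url}
    for _ in range(max_hops):
        nxt = fetch_location(url)
        if nxt is None:
            return url, chain
        nxt = urljoin(url, nxt)  # Location may be relative
        if nxt in seen:
            raise ValueError("redirect loop: " + " -> ".join(chain + [nxt]))
        seen.add(nxt)
        chain.append(nxt)
        url = nxt
    raise ValueError("too many redirects: " + " -> ".join(chain))


def verdict(final_url):
    """'trusted' if the destination host is on the allow-list, else 'unknown'."""
    host = (urlparse(final_url).hostname or "").lower()
    return "trusted" if host in TRUSTED_HOSTS else "unknown"


# Constructed offline redirect table standing in for bit.ly / goo.gl / TinyURL.
SAMPLE = {
    "http://short.example/abc": "/abc2",  # relative hop, like a real shortener
    "http://short.example/abc2": "http://news.yahoo.com/story",
    "http://short.example/xyz": "http://rusgirlsxxxyyy.ru/",
    "http://short.example/loop": "http://short.example/loop",
}


def offline_fetch(url):
    return SAMPLE.get(url)
```

Run `expand(link, live_fetch_location)` against a real shortened link to see the same chain for a live URL; the "unknown" verdict only means the host is not on your list, not that it is malicious.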
Oh, and BTW, this also applies to trusting what applications you allow onto your machine, but we’ll discuss that another day.