The vulnerability of computer terminals and computer systems, including desktop PCs, laptops, tablet computers, mobile phones etc, to attack by malware and other intrusion processes (often referred to as computer “infections”) is widely acknowledged. Cautious users and system operators will protect their computers and systems by deploying appropriate security applications including antivirus applications. Security applications will introduce firewalls to defend against intrusion, as well as various engines to detect and eliminate malware including viruses, trojans, worms, spyware etc.
In recent years, social networking sites such as Facebook™ have seen a huge rise in popularity. Social networks allow people to share information and communicate with friends and family in a convenient manner. However, attackers have also seen the benefits of social networking sites, and have made these the subject of attacks. One such attack involves the attacker obtaining the credentials of one of the members of the network, and using the hacked account to post links or send messages, directing other members to malicious sites. The attack relies upon “friends” of the hacked user trusting that user's postings. “Koobface” is a computer worm which first appeared in 2008 and which uses this approach. In particular, it causes the hacked computer to send Facebook messages to friends, the message directing the recipient to a third-party website which prompts the friend to install a fake software update. If the friend chooses to install the update, his or her computer is joined to a botnet used for harvesting further user credentials and for serving pay-per-install software. The infected computer then spreads the botnet further in the same way.
Attacks of the type described in the previous paragraph are defended against to some extent by conventional security approaches. For example, security software may be able to detect an attempt to install a worm on a local system, or may detect redirection of a web browser to a malicious website. Nonetheless, it is always desirable to increase levels of security, for example to defend against attacks by previously unknown malware and intrusion techniques (so-called “zero day attacks”) as well as to protect computers and systems that may not have appropriate (e.g. up to date) security systems installed.
EP1990973 describes the provision of malware detection systems within a social network of computers based upon an analysis of communication patterns between the different users and the propagation of malwares through the network.