Internet users increasingly use a variety of social networking websites to connect with friends, family, and professional contacts, as well as with communities of people with shared interests, concerns, or beliefs. Many social networking sites benefit users by enabling users to exchange information with others whom they trust or respect. Unfortunately, malware authors may seek to exploit this trust for their own ends.
For example, some malware threats (such as KOOBFACE and SAMY) may, upon infecting a user's machine, harvest session tokens for one or more social networking sites from browser cookies stored on the user's machine. The malware may then use these session tokens to submit malicious or unwanted content to social networking sites under the user's account. For example, the malware may post a fake message under the user's account that urges the user's friends to follow a link that points to a copy of the malware (e.g., an apparently benign software installer that may install the malware on the victim's computer).
Security software may attempt to combat malware of this type by scanning executable files for signatures of the malware (i.e., patterns indicating the presence of malware), both to prevent users from disseminating the malware and to prevent the users' friends from downloading and installing the malware. However, changes to the malware (e.g., via polymorphism) or new threats may prevent security systems from identifying the malware until security system vendors update their signature databases.