When it comes to spreading malware on the web, virus writers are nothing if not creative. We’ve seen malware infiltrate everything from Facebook to Twitter to email to IM. Now it seems you can add another site to that list: Slideshare, the community for sharing your slideshow presentations on the web. Over the weekend, security firm ESET discovered that this popular social media resource was being used to spread malware in the form of fake slide decks. Although these initial attacks were relatively simple to detect, future variations could easily become more deceptive.
That’s Not a Slideshow, It’s a Virus!
According to ESET’s report, the attackers created slide decks which would contain a link to a malware-laden website and would then lure unsuspecting victims to Slideshare using traditional social engineering tactics. The presentations themselves should have raised a red flag for careful users, we think, but we have no way of knowing how successful they were at this time.
One of the presentations found included just one slide with a single link. The slideshow was purportedly offering a cracked download of ESET’s own NOD32 scanner, an antivirus software program. To lend credibility to the download, the attackers added in the SourceForge logo (as if the open-source application directory SourceForge was a place to find cracked warez!). Of course, when the user clicked the link, they wouldn’t end up on SourceForge, but on a spoofed site that looked very similar. A window would then pop up prompting the user to download a .EXE file. Since the user already thought they were accessing a link for a software installation program, they would click the link and let their computer be infected with the malware.
Of course you may scoff at these victims since they were trying to get “something for nothing” – in this case, a free anti-virus program when really they were being given a free virus instead. However, while you may not have fallen for this particular scam, it’s only one example of how the SlideShare platform could be used for nefarious purposes such as this. It’s not far-fetched to imagine that in the future attackers could create even harder-to-detect malware-infused slideshows. We foresee them copying a legitimate slideshow from the site and then including an extra page with their malicious link. News like this is all the more reason to run a good anti-virus program on your PC.
In SlideShare’s defense, they took action quickly against this threat. As soon as it was brought to their attention by way of the ESET blog post, SlideShare co-founder Amit Ranjan responded in the comments, saying:
“I just wanted to let readers know that the offending user account has been removed. Thanks a ton for bringing this to our notice. Spam slideshows are a problem for us. And as this example shows, they can be turned malicious as well. In case anyone comes across any other user account from where this is happening, please email us, and we shall take immediate action. As a company we are committed to stop all such malpractices.”
However, the rogue account which had been used to spread the malware had joined the SlideShare community in June 2009 and had uploaded as many as 2473 presentations before it was banned this week.
The more popular the site becomes, the more likely it will be used to spread malware, so perhaps SlideShare should be somewhat flattered that they’ve reached this level of notoriety. They’ve now joined the ranks of many other social networking sites that have seen regular malware threats invade their platforms. Facebook, for instance, has come under attack multiple times in the past, the most memorable of which was the Koobface trojan which leaped outside of Facebook to spread to other social networking sites. It continues to evolve, even infecting Twitter as recently as last month. But Facebook isn’t the only example by any means of social sites under attack. Unfortunately, any website or social community where users are allowed to post content could become victim to threats such as this.
What’s odd, though, is how many sites seem to think of security as an afterthought. Case in point, it was only on Monday of this week that we saw Twitter start filtering malicious links from being posted. These are the sort of features that really should have been included from the get-go. In SlideShare’s case, they may eventually have to go the same route as Twitter and partner with a malware-scanning service like Google’s Safe Browsing API to make sure their hosted content isn’t dangerous to their users. In fact, they may want to start looking into that right now.
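As an added example (not from ESET's report or from SlideShare), here is a sketch of upload-time screening for the lure described above: a one-slide deck that is only a link, a brand name pointing at a look-alike host, and a cracked-software pitch. The deck dictionary layout, the BRAND_HOSTS allowlist and both sample decks are constructed assumptions; a check like this would sit alongside a URL reputation service, not replace it.

```python
from urllib.parse import urlparse

# Assumed allowlist: brand name -> hosts that legitimately serve that brand.
BRAND_HOSTS = {"sourceforge": {"sourceforge.net"}}
EXECUTABLE_EXTS = (".exe", ".scr", ".msi")
PIRACY_WORDS = ("crack", "keygen", "serial")

def host_matches(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)

def score_deck(deck):
    """Return (score, reasons) for a deck shaped like
    {'slides': [{'text': str, 'links': [url, ...]}, ...]} (hypothetical layout)."""
    reasons = []
    slides = deck["slides"]
    links = [url for s in slides for url in s["links"]]
    text = " ".join(s["text"] for s in slides).lower()

    if len(slides) == 1 and len(links) == 1:
        reasons.append("single-slide deck that is only a link")
    for url in links:
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.path.lower().endswith(EXECUTABLE_EXTS):
            reasons.append(f"link targets an executable: {parsed.path}")
        for brand, allowed in BRAND_HOSTS.items():
            # Brand named in the deck, but the link goes somewhere else.
            if brand in text and not host_matches(host, allowed):
                reasons.append(f"deck names {brand} but links to {host}")
    if any(word in text for word in PIRACY_WORDS):
        reasons.append("advertises cracked software")
    return len(reasons), reasons

# Constructed sample decks (reserved .example domain, not real indicators).
LURE = {"slides": [{"text": "NOD32 cracked full version, hosted on SourceForge",
                    "links": ["http://sourceforge-mirror.example/nod32/setup.exe"]}]}
BENIGN = {"slides": [{"text": "Our project on SourceForge", "links": []},
                     {"text": "Roadmap", "links": []},
                     {"text": "Get it here",
                      "links": ["https://sourceforge.net/projects/demo/"]}]}

if __name__ == "__main__":
    for name, deck in (("lure", LURE), ("benign", BENIGN)):
        print(name, score_deck(deck))
```

The brand check only sees slide text; a logo pasted in as an image, as in the deck ESET found, would need image matching upstream to feed the same comparison.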