A short comment piece on how Facebook memetic games could be used in a data aggregation attack.
A few months ago I wrote a fairly short comment piece for Virus Bulletin on how some popular posts to Facebook that invite you to make use of your personal data might be useful to scammers and others as part of some sort of data aggregation attack. An example I included was a popular posting featuring a simple code whereby the poster, usually female, posts that ‘I’m [n] weeks in and craving [some kind of candy]’. where [n] represents the month as drawn from a list like this:
January – x weeks
February – y weeks
(and so on: the number isn’t a simple n+1 increment, by the way)
There is another type of list on which different types of food, especially candy, represent different days of the month.
1 – Snickers
2 – Oreos
3 – M&Ms
(and so on up to 31)
(Note that these lists have been modified from lists that I’ve actually seen, not just copied.)
That article was published in the February 2012 issue of Virus Bulletin, as you may have noticed if you’re a subscriber. If you’re not, you can now read Living the Meme (by permission of VB, who hold the copyright), on the ESET resource page here,
David Harley CITP FBCS CISSP
ESET Senior Research Fellow