Facebook unveils ThreatData security tool - PHOTO

Facebook unveiled the ThreatData service in a blog post. ThreatData is a central intelligence tool designed to automatically detect, catalogue, offer IT administrators information on and combat incoming cyber threats.The company said it has already successfully used ThreatData to spot and mitigate a campaign targeting feature phones."In the summer of 2013, we noticed a spike in malware samples containing the string 'J2ME' in the antivirus signature. Further investigation revealed a spam campaign using fake Facebook accounts to send links to malware designed for feature phones," read the post."The malware, specifically the Trojan:J2ME/Boxer family [3], was capable of stealing a victim's address book, sending premium SMS spam, and using the phone's camera to take pictures. With this discovery, we were able to analyse the malware, disrupt the spam campaign, and work with partners to disrupt the botnet's infrastructure."Facebook claims the ThreatData service was able to spot the threat thanks to its unique "Feeds" technology. Feeds are custom information streams that collate data such as VirusTotal malware hashes, malicious URLs from multiple open-source blogs and malware-tracking sites, vendor-generated threat intelligence and Facebook's internal sources of threat intelligence."Feeds collect data from a specific source and are implemented via a lightweight interface," explained the post."The data can be in nearly any format and is transformed by the feed into a simple schema we call a ThreatDatum. The datum is capable of storing not only the basics of the threat (e.g. evil-malware-domain.biz) but also the context in which it was bad. The added context is used in other parts of the framework to make more informed, automatic decisions."Facebook says it expects its new ThreatData service to detect more undiscovered threats in the very near future."Discoveries and detection capabilities like these are just the tip of the iceberg. We're constantly finding new ways to improve and extend the ThreatData framework to encompass new threats and make smarter decisions with the ones we've already identified," read the post.Despite Facebook's bold claims, some experts within the security community have questioned the effectiveness of the ThreatData service. Trend Micro senior threat researcher David Sancho told V3 the feature's reliance on intelligence from third-party companies will limit its ability to protect Facebook customers."It looks interesting but the real limitation is the starting data and no real practical application for Facebook. The challenge is that they don't have any data themselves but rely on third parties to get the data and then process it," he said.FireEye director of technology strategy Jason Steer was equally doubtful about Facebook's ThreatData service, arguing that it will likely only be able to protect users from basic cyber attacks."For crimeware-type attacks it will be pretty successful as it will likely have been seen elsewhere, so is easy to spot and remove. [But] truly unique attacks – where it's very low volume, maybe one URL to one user only – may skip below the radar," he said.Facebook is one of many technology companies to attempt to create a central library of all known cyber threats. Security firm Symantec pledged to create a centralised information-sharing big data hub to help customers spot and pre-empt top-shelf custom-built malware in October 2013.(v3.co.uk)ANN.Az