Facebook's response: Worms are not our problem

By Scott M. Fulton, III | Published August 8, 2008, 11:30 AM

The response from representatives of social networks impacted this week by the discovery of a type of worm that targets them specifically appears to have come straight out of West Side Story. They're playing it cool, boys, real cool.

In a company blog post late yesterday, whose timing is the main indication of its being a response to concerns raised earlier this week over Kaspersky Lab's discovery of a worm being disseminated through social networks, Facebook's head of security, Max Kelly, advised users that if they really think they have a worm or virus on their computers, they should contact Microsoft or Apple.

"If your Windows PC or Mac is ever infected with malware or a virus, check out these helpful sites," Kelly writes, following that with links to the main security pages for the two leading OS manufacturers.

Facebook's commitment to user security, Kelly says, is demonstrated by the fact that he and his team are preparing to attend the upcoming DEFCON security conference in Las Vegas.

But their travel plans were put on hold for a while in order to address the worm Kaspersky's team found, which he says "was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."

Although some have described this strain of worms, which Kaspersky has dubbed Koobface, as "elaborate," Symantec's description of its operation shows it to actually be somewhat unsophisticated, and rates its risk of damage as "very low."

Essentially, it uses social techniques to fool the user into installing it. Then, masquerading as a video codec, it puts up a false error message while searching the victim's system for cookies. It then adds links to the worm's own distribution site to those cookies, making other social network members who view the victim's profile think that the site is one of his personal favorites. That's what convinces others to click on the link and check it out.
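The lure described above depends on a link that looks as though it points at Google or YouTube, and Facebook's fix was to block links to the distribution sites. The sketch below is an added example of that kind of link screening, not code from Facebook, Kaspersky or Symantec; the blocked domain and the sample hosts are constructed placeholders, and the brand-name match is a simple heuristic that will not catch misspelled lookalikes.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder data, not indicators taken from the article.
BLOCKED_DOMAINS = {"video-codec.example"}
# Brand keyword -> the only domain that may legitimately carry it (assumption).
IMPERSONATED = {"youtube": "youtube.com", "google": "google.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def _host(url):
    """Lower-cased hostname without a trailing dot, or '' if unparseable."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def _under(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'blocked', 'lookalike' or 'ok' for a single URL."""
    host = _host(url)
    if not host:
        return "blocked"  # fail closed on links that cannot be parsed
    if any(_under(host, d) for d in BLOCKED_DOMAINS):
        return "blocked"
    for brand, real in IMPERSONATED.items():
        # Brand name appears in the hostname, but the host is not under
        # the real domain: the "pretends to be hosted on" case.
        if brand in host and not _under(host, real):
            return "lookalike"
    return "ok"


def review_wall_post(text):
    """Classify every link found in a wall message."""
    return [(u, classify_link(u)) for u in URL_RE.findall(text)]
```

The decision is made on the parsed hostname rather than the raw string, so a URL that merely begins with `www.youtube.com` before an `@` or a further domain suffix is still judged by where it actually leads.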

There's no evidence of destructive capability for this worm, though conceivably, its distribution method could later be paired with a more destructive payload. Though most security firms only record two strains of the worm thus far in the wild, a check of Kaspersky this morning reveals eight more strains have been found since the initial discovery.

For its part, the customer notice blog for MySpace -- the other social service where the worm has shown up -- has yet to acknowledge the existence of any problems. Meanwhile, Facebook's advice to customers remains in a "stay-the-course" vein: Don't share your password with anyone. And if you see suspicious activity, report it to Facebook and they'll be happy to look into it.

"The security team is always happy when we see spammers complain that it is too hard to make a profit from Facebook," Max Kelly writes. "We're also happy when we hear from our users that they consider us a safer place to be online."

Comments

Come on guys, let's close that ridiculous malware site full of privacy-infringements.

It's the BIGGEST malware site on the internet.

Score: 0

Same goes to myspace (AND Youtube)

Score: 0

The issue is between the keyboard and the back of the chair in most cases. People claim they didn't realize there was a problem... but ignorance is not a virtue! Some folks are addicted to clicking on everything they see. DOH!

Score: 0

Isn't this common sense? Yes, if there's a worm traveling through Facebook's system, they SHOULD eliminate it automatically using anti-virus software. The issue is larger than that. The problem is you still have people downloading questionable content from people they don't know and from sources (i.e., bittorrent or limewire) that are well known as being unsafe. As MAZZTer stated, for a cookie type infection like this one to get control of your system you're already infected with Malware of some sort.
People need to either pay for solid anti-virus software or pick up a free for consumer version from a company like Avast!. Avast! is 100% free, and I've used it on all of my personal machines in the past.

Facebook can't tell people what applications to download and install, and I don't think they should, as long as they're eliminating any hostile code which passes through their system.

Warm Regards,
Scott Hardy
http://www.topclassactions.com

Score: 0

So... is this a 'virus' that hijacks a browser? Does it sniff packets and get social network access that way?

If it's a browser hijack, then certainly Opera and Safari users are safe -- probably Firefox users too...

This article is interesting and it's good that the risk of damage is 'low' - but seriously, without knowing the conduit for the damage, it's hard to really be able to take this article seriously.

Score: 0

The article states it works by using your Facebook cookie.

Although it doesn't say more than that, the easiest way is for the virus to pretend to be the user and navigate the user's settings on the site to add its link.

For any site that allows you to log in and then stay logged in over multiple browser sessions, it would be possible for malware to use this to gain access to your profile on said sites and do anything with them that you could.

The only thing this has to do with what browser you use is that each browser stores cookies separately, and the malware author is going to code in support for the common browsers.

IE stores cookies in plain text. I believe Firefox 2 uses an XML-type format, and Safari does as well.

All these would be relatively easy to steal, but remember malware would have to be ALREADY running on the computer, which I consider to already be "Game Over".

Opera uses some proprietary binary format, but it doesn't look extremely complicated, although it looks like cookie paths are stored weird... Firefox 3 uses an SQLite database, which would be possible to support using an SQLite library I imagine. Still it would be more work than simply reading in text files.

Score: 0

Users must be protected from themselves.

A couple weeks ago I sold one of my old computers with fully patched XP, and 2 days later I went over because he was having problems: 33 bloody infections in 2 days (mostly from LimeWire).

Score: 0

I reported this type of attack on hi5 about one month ago and their customer service was really cool and took measures immediately.
What's wrong with Facebook?...

Score: 0

I've avoided facebook, myspace, and linkedin ever since my first visits. The idea of public social networks is so foreign to how I think things should be done online I can't fathom ever considering joining. The design of these sites is the icing on the cake.

Score: 0

It's the end user's problem; it's up to everyone to stay informed... and click wisely, period.

Score: 0

Agree,

it's the end user's problem for using the service, and they need to find out which service providers are proactive and click wisely towards the safer option.

Score: 0

I couldn't agree more. Don't blame the service for user stupidity.

Score: 0

also agreed, the people deserve the discomfort for not paying attention and reading.

Score: 0

I concur, but too, there are too many novice computer owners out there!

Do we just sit back and watch the DDoS attacks, just for sh**s and giggles?

Score: 0

Actually, the referral for the clients to contact Microsoft or Apple is inappropriate.

It requires a coordinated effort by the service providers to make the internet infection free.

If clients begin to receive a lack of responsiveness or a disregard for their safety, they will begin to find and use another service that takes a proactive initiative to ensure quality.

Score: 0
