One worm’s squiggle into a social network has been stopped

A “worm” has been spreading through Facebook, trying to take advantage of users’ friend relationships to send spam messages containing potentially harmful content. Facebook’s security team says it has disabled the current attack and adds that less than .002 percent of its 90 million users were affected (around 180,000). But if you were a victim, here’s what you got, as explained by security firm Sophos earlier this week.

The malware works by directing your ‘friends’ on the social-networking websites to click on a link [see screenshot] to another site purporting to contain a video clip. If they are tricked into downloading an executable to ‘watch’ the video at the third party website, a message is displayed: “Error installing Codec. Please Contact Support”

The “executable” software would then use a variety of techniques to extract potentially sensitive information from your computer. This is not the first time that Facebook has been under attack from bad hackers, as Nick O’Neill notes — and being a targeted web service is a red badge of success. And of course, MySpace and other large rivals have also been targeted. Yesterday, we covered a panel discussion about security issues on social networks, during the Black Hat hacker conference in Las Vegas. Meanwhile, Facebook’s data team was at a neighboring security-related conference in Vegas, called Defcon — where the team fixed the worm.

Facebook and other large sites will no doubt continue to face attacks — a Sophos study claims that 41 percent of Facebook users risk revealing sensitive information that could be used to do things like fake their identities. Keep in mind, of course, that Sophos gets its business (and press coverage) from the same security issues that it’s reporting on.

Indeed, users themselves bear some responsibility for doing things like clicking on an ad that looks like the image above, or sharing their passwords with random people. At some point, all social networks can do is try to keep their users informed about the threat and how to counteract it.


About the Author, Eric Eldon

Eric currently covers digital media technology and business news, especially what's happening on social networks and their platforms. He also writes and edits stories about venture capital, and lots of other stuff, too. He started at VentureBeat in the spring of 2007, half a year or so after Matt Marshall left his reporting job at the San Jose Mercury News to found the site. Eric previously cofounded a startup called Writewith that was building editorial software for newspapers and other groups of writers. The startup didn't work out, but he learned a lot.

  • I agree that all social networks have loopholes for spam. But for some reason, I always seem to see stuff happening on Facebook. I just don't like using it for some reason, mostly because of all the applications. What is worse is the new layout they are using, which really makes it tricky to get used to.