March 2, 2009
Host Of New Viruses Hit Facebook Users
Security experts said on Monday that hackers have attempted to steal valuable data from Facebook users, as the popular social network site has been hit by five separate security problems in the last seven days.
Malicious hackers are capitalizing on the trust and social links that drive the network by creating fake messages using details of Facebook members, experts told BBC News.
Rik Ferguson, a senior security advisor at Trend Micro, said it has been a pretty bad week for social networking in general. Facebook had been hit by four malicious applications as well as a new variant of the Koobface virus that first targeted members of the social site in December 2008, he said.
He said the rogue applications on Facebook all try to steal saleable information from the profiles of those who open them.
One of the applications attempts to fool people into adding it by claiming that their friends were having trouble looking at their profile. Once a user adds the application, it spams itself to every Facebook friend the user has.
"The way that Facebook is built can make it tricky for members to spot malicious or rogue applications," Ferguson said.
Ferguson said that most security software looks for malicious activity on a user's own machine, but when Facebook members add an application, servers operated by the social site link to the third-party computers hosting that program.
He said that the rogue applications on Facebook have, so far, been a nuisance more than anything else.
"It's almost as if the applications we have seen this week are a proof of concept," he said. "It would be much better for them to generate rogue applications that did not look like rogue applications."
Ferguson is calling for Facebook to review its policy of approving applications, as it currently only vets them after they are offered to members and have been reported as causing problems.
However, a Radio 1 Newsbeat interview with Mark Zuckerberg in late February revealed that the Facebook founder rejected a call to vet all the applications showing up on the site.
"Our philosophy is that having an open system anyone can participate in is generally better," Zuckerberg said.
"Members should be vigilant and never give out their password," said a spokesman for Facebook. He said Facebook did a lot of work behind the scenes to keep the site safe.
The spokesman said any users unlucky enough to fall victim to such apps should visit the Facebook security pages for help.
A sophisticated variant of the Koobface virus that debuted in December 2008 has caused additional problems for Facebook users.
The virus uses a Facebook message to try to get people to visit a fake YouTube page and install the malware. Ferguson said the virus posts the image from a Facebook member's profile on the video page to make it look more plausible.
The malicious program then hunts for cookies on a victim's computer and uses the details it finds in the small text files to log into other social sites that person may belong to.
"This is not just restricted to Facebook," said Ferguson, "it's a growing trend. Though I'm surprised it's taken so long for social sites to be targeted."