RealTime IT News

Facebook Scrambles to Squash Worm

Ah, the thrills and spills of Web 2.0. Facebook reported this week it had blocked links to malicious Web sites that affected a small percentage (the company said .002 percent) of its users. The perpetrators left messages on the posting area or "walls" of Facebook users, urging visitors to view a video purported to be hosted by Google or YouTube.

"We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook," Max Kelly, head of security at Facebook, said in a blog post.

Ironically, Kelly noted his team had to work into the night to install a fix for the worm before leaving for the Defcon security conference in Las Vegas. It's not clear what specific harm, if any, the worm may have done; some reports said clicking the link merely downloaded an image of a jester. Facebook was unavailable for comment.

The attack comes at a time when enterprises are under increasing pressure to introduce more consumer technologies, particularly Web 2.0 and social networking applications, both to improve interactions with customers and to appeal to prospective, typically younger job applicants who are more comfortable with those tools than with traditional business software.

"Enterprises need to have a presence on the Web and they want to be relevant," IDC analyst Caroline Dangson told InternetNews.com. "But stories like this signal the need for sites like Facebook and MySpace to filter and be more proactive."

Dangson credits Facebook with responding quickly to address the issue, but she said social networking sites tend to rely too much on community policing to address problems of this sort, which is more reactive than proactive.

For the near term, and perhaps the long term, one analyst expects more of the same. "This happens every time some cool new technology comes along that attracts a lot of users," Sara Radicati, president and CEO of the Radicati Group, told InternetNews.com. "We've seen it with e-mail and instant messaging; their popularity makes them a big target for the bad guys."

On the other hand, she notes incidents like this are a wake-up call that should spur Facebook and others to do more to secure their sites. Facebook is also already working with enterprises on ways to make the social network more accessible to corporate users and acceptable to IT security concerns.

For now, Kelly noted several things Facebook users can do to protect themselves. The list includes reporting spam to Facebook. "The more reports we get, the easier it is to respond decisively."

The blog post also included well-known warnings not to share your Facebook password with anyone, as well as links to Microsoft and Apple security sites for help with malware infections.