Facebook Scrambles to Squash Worm

Ah, the thrills and spills of Web 2.0. Facebook reported this
week it had blocked links to malicious Web sites that affected a small
percentage (the company said .002 percent) of its users. The perpetrators left messages on the posting area or “walls” of Facebook users, urging visitors to view a video purported to be hosted by Google or YouTube.

“We’ve identified and blocked the ability to link to the malicious
websites from anywhere on Facebook,” Max Kelly, head of security at
Facebook, said in a blog post.

Ironically, Kelly noted his team had to work into the night to install a
fix for the worm before leaving for the Defcon security conference in Las Vegas.
It’s not clear what specific harm, if any, the worm may have done; some
reports said clicking the link merely downloaded an image of a jester.
Facebook was unavailable for comment.

The attack comes at a time when enterprises are under increasing pressure
to introduce more consumer technologies, particularly Web 2.0 and social
networking applications, both to improve interactions with customers
and to appeal to prospective, typically younger, job applicants who are more
comfortable with these tools than with traditional business software.

“Enterprises need to have a presence on the Web and they want to be
relevant,” IDC analyst Caroline Dangson told InternetNews.com. “But
stories like this signal the need for sites like Facebook and MySpace to
filter and be more proactive.”

Dangson credits Facebook with responding quickly to address the issue,
but she said social networking sites tend to rely too much on community
policing to address problems of this sort, which is more reactive than
proactive.

For the near-, and perhaps long-term, one analyst expects more of the
same. “This happens every time some cool new technology comes along that
attracts a lot of users,” Sara Radicati, president and CEO of the Radicati
Group, told InternetNews.com. “We’ve seen it with e-mail and instant
messaging; their popularity makes them become a big target for the bad
guys.”

On the other hand, she notes incidents like this are a wake-up call that
should spur Facebook and others to do more to secure their sites. Facebook
is also already working with enterprises on ways to make the social network
more accessible to corporate users and acceptable to IT security concerns.

For now, Kelly noted several things Facebook users can do to protect
themselves. The list includes reporting spam to Facebook. “The more reports
we get, the easier it is to respond decisively.”

The blog post also included well-known warnings not to share your
Facebook password with anyone and links to Microsoft and Apple security
sites for help with malware infections.
