Sophos Warns of Facebook Malware Attack

The popular networking site Facebook is the target of a new attack that is spreading messages with malicious links.

Boston-based IT security and control firm Sophos is warning users about the problem. Sophos said a Facebook user's computer can be infected after they view a video that is infected with the bad code.

According to Sophos, messages left on Facebook users' walls are urging members to view a video, which appears to be hosted on a Google website. But users who click on the link are taken to a site which urges them to download an executable file to watch the movie, according said Graham Cluley, senior technology consultant for Sophos. The file downloads malicious code and displays an image of a court jester sticking his tongue out.

Cluley said the new attack leaves both home and workplace computers vulnerable. Many employees now access the networking site in the office from their work computer. He advised companies to educate workers who access the site to be on the lookout for the dangerous message, which includes a link to a third party website http://www.google.com.id. [removed].cn/gallery.php?id=.

"The message asks people if they want to download an executable file to view the video. At that point your users should say'No, I don't,'" said Cluely. "People have got to learn that clicking on links in messages to websites can lead to a malware infection, whether the messages are in your email or on a site like Facebook."

Organizations will also want to have a Web security and control appliance in place that filters internet access and prevents the downloading of malicious code, he advised. While businesses are now doing a good job scanning emails for potentially bad messages, Web 2.0 sites are not.

"Messages sent by Web 2.0 sites aren't being scanned," he said. "And Web 2.0 sites aren't doing a good job filtering. It is sort of 1990's era technology being used by these sites."

The new attack may also be a wake-up call for companies to consider internal policies in sites like Facebook in the workplace. Cluley pointed not just to security risks, but productivity issues, too.

"Ultimately that decision is for each individual company to make. But they may have to ask themselves: Do all users need to access these kinds of sites? Or do only certain people in some departments need access? If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections."

This is the second time in recent weeks Facebook has dealt with security problems. Last month, Sophos's Cluley discovered a glitch in a test version of Facebook's Web site inadvertently exposed the birthdays of Facebook's 80 million members.

Subscribe to the Security Watch Newsletter

Comments