
A new worm has been discovered on Facebook, again


January 10, 2011

A new worm that spreads using a photo album chat message began proliferating across Facebook over the weekend. Many security flaws have been found in Facebook lately, and this one adds to the feeling of insecurity that many Facebook users have been experiencing.

The photo lure is used to dupe potential users into downloading a malicious file, which appears in the guise of a photo viewing application. Victims are prompted to click a "View Photo" button.

Unsuspecting users who fell for the scam became infected by malware and viruses, dubbed Palevo-BB by Internet security firm Sophos. The malware attempts to generate a message to the victim's Facebook contacts, continuing the infection cycle and replicating itself to thousands of other infected machines.

Facebook said it responded by removing the malicious application from its system.

Similar social engineering trickery is more commonly used to dupe users into completing worthless surveys, possibly handing over personal details in the process or signing up to expensive text message services.

All kinds of useless survey scams have become almost a daily issue on Facebook for the past several months and the problem is rapidly getting worse.

For example, one survey scam lure making the rounds over the weekend falsely offered a news update of the death of famous rapper Tupac Shakur.

The use of social engineering trickery to spread malware instead of simply tricking users into filling out worthless surveys suggests that cybercrooks might be upping the ante. The latest Palevo-BB worm is not the first malware strain to use Facebook as an infection avenue. Other social networking sites have been hit as well.

The most horrendous social engineering network worm to date has been the infamous Koobface worm, a strain of malware and viruses used to deliver potential victims to scareware scam portals or carry out click fraud. Palevo-BB uses similar lures but is not as sophisticated in design as the earlier Koobface worm.

All social networking users are urged to use extreme caution in the light of these latest events, and the use of anti-virus and anti-malware software on all PCs and laptops is strongly recommended by all Internet security professionals, as well as the use of hardware firewalls.

In fact, a news release issued in December reveals that Facebook's latest site redesign will create even more security holes and expose more user information than the old site did.

Internet security firm Sophos cautions that, launched in beta earlier this week and due to be rolled out gradually over the coming weeks, the revamped website is designed in such a way as to encourage users to expose even more information about their daily lives to the dominant social networking site.

Security-wise, the site revamp is seen by most in the Internet community as a big step backwards. For example, the About Profile page encourages users to share experiences, discover common interests, and to highlight meaningful relationships.

That page will have the same effect of highlighting the closest relationships and keenest interests a user might have. Previously, this information would probably have been on a list, but not highlighted as especially important. Now it is, and it's a major concern, among others.

Sophos urges all Facebook users to reconsider just how much data about themselves they really wish to share using the new site, warning that it may not just be their closest friends and contacts who get access to the sensitive information but just about anybody.

“Adding new features to facilitate sharing updates, interests and photos may be appealing to some Facebook users, but people need to be concerned about how much personal data they’re willing to offer online,” said Carole Theriault, senior security consultant at Sophos.

The revamped website is one of a multitude of privacy and content-control issues that have arisen over Facebook, especially over recent months. Through a series of changes, most notoriously a revamp of Facebook's privacy policy late last year, users have progressively been encouraged to share photos and comments among ever broader groups: from friends only, to friends-of-friends, to anyone on Facebook by default.

More recently, a decision by the NHS to integrate its NHS Choices health information site into the Facebook Connect platform provoked a warning from online privacy firm Garlik that this would allow the tracking of users on the site.


Source: Sophos Internet Security Ltd.
