A new worm has been discovered on Facebook, again
January 10, 2011
A new worm that spreads via a chat message pointing to a photo album began proliferating across Facebook over the weekend. Many security flaws have been found in Facebook recently, and this one adds to the sense of insecurity that many Facebook users have been experiencing.
The photo lure is used to dupe potential users into downloading a malicious file, which appears in the guise of a photo viewing application. Victims are prompted to click a "View Photo" button.
Unsuspecting users who fell for the scam were infected with malware dubbed Palevo-BB by Internet security firm Sophos. The malware attempts to send the same lure message to the victim's Facebook contacts, continuing the infection cycle and replicating itself to thousands of other machines.
Facebook said it responded by removing the malicious application from its system.
Similar social engineering trickery is more commonly used to dupe users into completing worthless surveys, possibly handing over personal details in the process or signing up to expensive text message services.
All kinds of worthless survey scams have become an almost daily occurrence on Facebook over the past several months, and the problem is rapidly getting worse.
For example, one survey scam lure making the rounds over the weekend falsely offered a news update of the death of famous rapper Tupac Shakur.
The use of social engineering trickery to spread malware instead of simply tricking users into filling out worthless surveys suggests that cybercrooks might be upping the ante. The latest Palevo-BB worm is not the first malware strain to use Facebook as an infection avenue. Other social networking sites have been hit as well.
The most horrendous social engineering network worm to date has been the infamous Koobface worm, a strain of malware and viruses used to deliver potential victims to scareware scam portals or carry out click fraud. Palevo-BB uses similar lures but is not as sophisticated in design as the earlier Koobface worm.
All social networking users are urged to use extreme caution in the light of these latest events. Internet security professionals strongly recommend running anti-virus and anti-malware software on all PCs and laptops, along with a hardware firewall.
Separately, a news release issued in December reveals that Facebook's latest site redesign will create even more security holes and expose more user information than the old site did.
Internet security firm Sophos cautions that the revamped website, launched in beta earlier this week and due to be rolled out gradually over the coming weeks, is designed in a way that encourages users to expose even more information about their daily lives to the dominant social networking site.
Security-wise, the site revamp is seen by most in the Internet community as a big step backwards. For example, the About Profile page encourages users to share experiences, discover common interests, and to highlight meaningful relationships.
That page highlights a user's closest relationships and keenest interests. Previously, this information would probably have appeared in a list, without being singled out as especially important. Now it is, and that is a major concern, among others.
Sophos urges all Facebook users to reconsider just how much data about themselves they really wish to share using the new site, warning that it may not just be their closest friends and contacts who get access to the sensitive information, but just about anybody.
“Adding new features to facilitate sharing updates, interests and photos may be appealing to some Facebook users, but people need to be concerned about how much personal data they’re willing to offer online,” said Carole Theriault, senior security consultant at Sophos.
More recently, a decision by the NHS to integrate its NHS Choices health information site into the Facebook Connect platform provoked a warning from online privacy firm Garlik that this would allow the tracking of users on the site.
Source: Sophos Internet Security Ltd.