Destructive virus on Facebook

[dwarakesh]

Facebook's 120 million users are being targeted by a virus dubbed "Koobface" that uses the social network's messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.

It is the latest attack by hackers increasingly looking to prey on users of social networking sites.

Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, "You look just awesome in this new movie," direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc's Flash player.

If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, Yahoo, MSN and Live.com, according McAfee.

McAfee warned in a blog entry on Wednesday that its researchers had discovered that Koobface was making the rounds on Facebook.

Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts, said Chris Boyd, a researcher with FaceTime Security Labs. Because of that, users tend to be far less suspicious of messages they receive in the network.

"People tend to let their guard down. They think you've got to log in with an account, so there is no way that worms and other viruses could infect them," Boyd said.

Social network MySpace, owned by News Corp, was hit by a version of Koobface in August and used security technology to eradicate it, according to a company spokeswoman. The virus has not cropped up since then, she said.

Privately held Facebook has told members to delete contaminated e-mails and has posted directions at www.facebook.com/security on how to clean infected computers.

Richard Larmer, chief executive of RLM Public Relations in New York, said he threw out his PC after it became infected by Koobface, which downloaded malicious software onto his PC. It was really bad. It destroyed my computer," he said.

McAfee has not yet identified the perpetrators behind Koobface, who are improving the malicious software behind the virus in a bid to outsmart security at Facebook and MySpace.

[dwarakesh]

Latest Facebook Attack Stems from Previous One

The latest Koobface virus attack on Facebook grabbing headlines this week, was actually spawned by an earlier attack back in October, according to a security expert.

Getting rid of the virus will be difficult. Both Fortinet's Lovet and McAfee's Marcus said it is a server side polymorphic virus, which means it tweaks itself automatically every five minutes or so. This makes it hard to combat because it offers a new signature every time it changes and antivirus packages can only work against malware whose signature they recognize.

he attacks could impact enterprises' efforts to leverage social networking. "As businesses start leveraging social networking sites, they need to factor in access control for those sites into their security," McAfee's Marcus said.

One of Facebook's most prominent partners is Salesforce.com (NYSE: CRM), which announced Force.com for Facebook at Dreamforce 2008, its annual user conference, last month. Salesforce declined comment on this issue.

"Businesses who look at Facebook for the power of the communications tool really need to look at the malware today and make their malware countermeasures a part of what they're going to do with Facebook," Marcus said.

Enterprises should be especially careful of the recently announced Facebook Connect technology, which lets the social networking site's users port their account information to other Websites and applications, Marcus said.