Facebook's response: Worms are not our problem

The response from representatives of social networks impacted this week by the discovery of a type of worm that targets them specifically appears to have come straight out of West Side Story. They're playing it cool, boys, real cool.

In a company blog post late yesterday, whose timing is the main indication of its being a response to concerns raised earlier this week over Kaspersky Lab's discovery of a worm being disseminated through social networks, Facebook's head of security, Max Kelly, advised users that if they really think they have a worm or virus on their computers, they should contact Microsoft or Apple.

"If your Windows PC or Mac is ever infected with malware or a virus, check out these helpful sites," Kelly writes, following that with links to the main security pages for the two leading OS manufacturers.

Facebook's commitment to user security, Kelly says, is demonstrated by the fact that he and his team are preparing to attend the upcoming DEFCON security conference in Las Vegas.

But their travel plans were put on hold for a while in order to address the worm Kaspersky's team found, which he says "was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We've identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."

Although some have described this strain of worms, which Kaspersky has dubbed Koobface, as "elaborate," Symantec's description of its operation shows it to actually be somewhat unsophisticated, and rates its risk of damage as "very low."

Essentially, it uses social techniques to fool the user into installing it. Then, masquerading as a video codec, it puts up a false error message while searching the victim's system for cookies. It then adds links to the worm's own distribution site to those cookies, making other social network members who view the victim's profile think that the site is one of his personal favorites. That's what convinces others to click on the link and check it out.

There's no evidence of destructive capability for this worm, though conceivably, its distribution method could later be paired with a more destructive payload. Though most security firms only record two strains of the worm thus far in the wild, a check of Kaspersky this morning reveals eight more strains have been found since the initial discovery.

For its part, the customer notice blog for MySpace -- the other social service where the worm has shown up -- has yet to acknowledge the existence of any problems. Meanwhile, Facebook's advice to customers remains in a "stay-the-course" vein: Don't share your password with anyone. And if you see suspicious activity, report it to Facebook and they'll be happy to look into it.

"The security team is always happy when we see spammers complain that it is too hard to make a profit from Facebook," Max Kelly writes. "We're also happy when we hear from our users that they consider us a safer place to be online."

© 1998-2024 BetaNews, Inc. All Rights Reserved.