News

Sophos: Facebook Malware Attack Puts Work Computers at Risk

IT security firm Sophos says new Facebook malware attack poses serious security threat to all computers, both personal and corporate

By Joan Goodchild, Senior Editor

August 07, 2008CSO — The popular networking site Facebook is the target of a new attack that is spreading messages with malicious links.

Boston-based IT security and control firm Sophos is warning users about the problem. Sophos said Facebook a user's computer can be infected after they view a video that is infected with the bad code.

According to Sophos, messages left on Facebook users' walls are urging members to view a video, which appears to be hosted on a Google website. But users who click on the link are taken to a site which urges them to download an executable file to watch the movie, according to Graham Cluley, senior technology consultant for Sophos. The file downloads malicious code and displays an image of a court jester sticking his tongue out.

Cluley said the new attack leaves both home and workplace computers vulnerable. Many employees now access the networking site in the office from their work computer. He advised companies to educate workers who access the site to be on the lookout for the dangerous message, which includes a link to a third party website http://www.google.com.id. [removed] .cn/gallery.php?id=.

"The message asks people if they want to download an executable file to view the video. At that point your users should say 'No, I don't,'" said Cluely. "People have got to learn that clicking on links in messages to websites can lead to a malware infection, whether the messages are in your email or on a site like Facebook."

Organizations will also want to have a Web security and control appliance in place that filters internet access and prevents the downloading of malicious code, he advised. While businesses are now doing a good job scanning emails for potentially bad messages, Web 2.0 sites are not.

"Messages sent by Web 2.0 sites aren't being scanned," he said. "And Web 2.0 sites aren't doing a good job filtering. It is sort of 1990's era technology being used by these sites."

The new attack may also be a wake-up call for companies to consider internal policies in sites like Facebook in the workplace. Cluley pointed not just to security risks, but productivity issues, too.

"Ultimately that decision is for each individual company to make. But they may have to ask themselves: Do all users need to access these kinds of sites? Or do only certain people in some departments need access? If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections."

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Maximizing Site Visitor Trust Using Extended Validation SSL

VeriSignNow with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.

» Read the Paper

Featured Sponsors
Sponsored Links

Taking the Botnet Threat Seriously

7 Requirements of Data Loss Prevention

Information Security: Data Drains and How to Prevent Loss

CA's IT Security centralizes your identity management to turn security into a proactive, business-building tool

How Are Open Source Development Communities Embracing Security Best Practices?

Digital Identity Protection and Data Security Get Personal

Simplify your data center with Juniper Networks. View the webcast

Managing SSL Security in Multi-Server Environments

The Latest Advancements in SSL Technology

How to Offer the Strongest SSL Encryption

Forrester Total Economic Impact (TEI) report: Save Millions in Fraud Losses.

Get in Compliance With Government Data Regulations

Manage your IT more effectively

IDC Defines an Identity and Access Management Submarket

IDC Defines an Identity and Access Management Submarket for Managing Privileged User Accounts and Meeting GRC Requirements

Everything Today's CISO Needs to Know About Using SSO to Succeed in the Web 2.0 Era

E-LOAN Maintains Reputation as a Privacy Leader with Symantec

Data Loss Prevention: Keeping Sensitive Data Out of the Wrong Hands

Prudential Financial Protects its Brand with Symantec

Efficient - Flexible - Compliant

Envision Identity-Based Access Control for the Datacenter

Using Likewise to Comply with PCI Data Security Standard

When Customer Relationship is Everything, Businesses Bank on SSL Solutions

The Case for Business Software Assurance ~ Securing Your Applications

Maximizing Site Visitor Trust Using Extended Validation SSL

Solving Online Credit Fraud Using Device Reputation

Understanding Data Location is Imperative for Data Loss Prevention

Secure your virtual and physical environments with the same software

Any company can promise identity protection. Only Debix can prove it

Welcome to the age of Service-Oriented Security (SOS)

Enabling Compliance with Converged Mainframe Security and Storage

5 Steps to Secure Outsourced Application Development