August 8, 2008 9:07 AM PDT

Facebook's new worm turns your friends into enemies

Facebook has a worm. It was bound to happen: As the web increases in popularity, it was just a matter of time before security bad guys started targeting web applications in earnest. Recent research from IBM suggests that the pace of security vulnerabilities on the web is accelerating.

This particular worm on Facebook is highly insidious:

The worm spreads when a compromised user's account is used to send messages to others with a title such as "LOL. You've been catched on hidden cam, yo:" and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called "codecsetup.exe."...

The worm uses the friend's picture to make it seem all the more legitimate. Once compromised, keylogging and the like kick in.

In other words, it's even worse than Facebook without the worm. :-)

I'm not a big fan of Facebook - that's not a secret. I think Mike Schroepfer joining Facebook will help. The company is certainly improving the sort of applications that live on its platform. Facebook will work through this issue and will continue to improve, but for now...beware your Facebook friends.

4 comments
by enderandrew August 8, 2008 4:49 PM PDT
That isn't a Facebook worm. That is a standard email scam that has been circulating all over the place.

When someone writes a Facebook app with the Facebook API that directly propagates malware, that would be a Facebook worm.
by enolazco August 11, 2008 9:26 AM PDT
WOW, You really hate Facebook

As enderandrew said, it's just an email problem. The same problem you will have on any social network which allows message sending (or wall posting). Why it happened on Facebook? Maybe because more people use it.
by softwaredesignengineer August 11, 2008 10:09 AM PDT
Geez, this is called "spam". Even other social networking sites like Orkut have these problems showing up almost on a daily basis with links to JavaScript files.

Facebook should just shut down this app. Finish.
by newuser1235 August 18, 2008 2:22 PM PDT
How do we remove it?

About The Open Road

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to the Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is general manager of the Americas division and vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET.
