
7 August 2008

Facebook users struck by new "court jester" malware attack

Posts on your Facebook wall may lead to Trojan horse infection

IT security and control firm Sophos has warned users of Facebook to exercise care, following an attempt by hackers to infect computers by spreading messages containing malicious links on the popular social networking website.

Messages left on Facebook users' walls are urging members to view a video (which pretends to be hosted on a Google website), but clicking on the link and visiting the webpage takes users to a site which urges them to download an executable to watch the movie.

Sophos detects the executable file as the Troj/Dloadr-BPL Trojan horse, which in turn downloads further malicious code (detected as Troj/Agent-HJX), and displays an innocent image of a court jester sticking his tongue out.

The animated image downloaded to infected computers.

Sophos warns that the dangerous Facebook messages include a link to a third party website of the form:

http://www.google.com.id. [removed] .cn/gallery.php?id=...
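The link form above puts a familiar domain at the left of the hostname, while the domain that actually serves the page sits at the right. As an added example (not Sophos's code), this Python sketch flags URLs in message text where a watched brand domain appears inside the hostname without ending it; the watch list, function names and sample posts are constructed for illustration, and example.cn stands in for the removed domain.

```python
import re
from urllib.parse import urlsplit

# Assumed watch list of domains users are likely to trust; extend as needed.
BRANDS = ("google.com", "facebook.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def embedded_brand(url, brands=BRANDS):
    """Return the brand domain found inside the hostname of `url` when the
    hostname does not actually end with it, else None."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".").lower()
    except ValueError:          # malformed authority, e.g. broken IPv6 brackets
        return None
    labels = host.split(".")
    for brand in brands:
        want = brand.split(".")
        n = len(want)
        if labels[-n:] == want:
            continue            # host really belongs to the brand domain
        # Slide over every position except the final one (the real suffix).
        for i in range(len(labels) - n):
            if labels[i:i + n] == want:
                return brand
    return None

def scan_message(text):
    """Return (url, brand) pairs for every deceptive-looking link in `text`."""
    hits = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,)")  # drop sentence punctuation glued to the link
        brand = embedded_brand(url)
        if brand:
            hits.append((url, brand))
    return hits

# Constructed sample wall posts, not taken from the real campaign.
SAMPLE_POSTS = [
    "lol check this video http://www.google.com.id.example.cn/gallery.php?id=1",
    "Real clip: http://video.google.com/videoplay?docid=1",
    "Photos at https://www.facebook.com/album.php?aid=2.",
]

if __name__ == "__main__":
    for post in SAMPLE_POSTS:
        print(scan_message(post))
```

A hit means the hostname borrows a trusted name, not that the page is malicious; it is a signal for a web gateway or mail filter to hold the link for further checks.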

"People have got to learn that clicking on links in messages to websites can lead to a malware infection, whether the messages are in your email or on a site like Facebook. There has been a flurry of malicious emails recently posing as links to videos - so there's really no excuse not to know of this trick being commonly used by hackers at the moment," said Graham Cluley, senior technology consultant for Sophos. "Companies will once again be considering whether it's time to block Facebook in the workplace - not just for the usual productivity reasons, but because of the security threats that sites like this may pose to their enterprise."

Sophos experts believe that companies need to set policies regarding Facebook usage, and implement web security solutions, to prevent dangers entering the workplace.

"Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours. If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections," explained Cluley. "The best defense is for businesses to defend themselves with a web security and control appliance which can filter internet access and prevent the downloading of malicious code."

Last week, Sophos warned about other malware using Facebook and MySpace in an attempt to infect users.

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their email and web gateways to defend against viruses and spam.

About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
