Koobface Virus Spreads among Office Workers
Employees who visit social networking sites are infecting workplace computers with viruses, or at least exposing those computers to attempted infections. Facebook and MySpace are known as breeding grounds for Koobface (technically classified as a “worm”). Security is one reason for businesses, libraries and schools to block or limit access to social media web pages.
These are documented examples of Facebook being implicated in Koobface infections (or attempted infections) in the workplace or related to the workplace:
- Richard Larmer, chief executive of RLM Public Relations in New York, had to replace his computer.
- “[H]undreds of Boston journalists, ad execs and public relations professionals [such as Scott Farmelant of Mills and Co.] who use the popular social networking service have received a Facebook message that purports to link to compromising video of its recipient.”
- A journalist at Washington City Paper haplessly clicked on a link purporting to be from a colleague at the paper, only to discover that the link caused an infection.
Koobface thrives in social networks because users think they can trust their friends. The victim believes a trusted friend has left a link to a video on her “Wall.” Her guard is down, so she clicks the link and then follows Koobface’s diabolical instructions to download a software update. The worm infects the victim’s computer with malware that seeks to control the computer and steal personal information.
In addition to Facebook and MySpace, Koobface is reported to have infected other social networks, such as Bebo, Friendster, MyYearbook, Classmates.com and Blackplanet. Experts predict more virus attacks through social web sites.
Although Koobface is not the first virus to spread through Facebook, it is the one that is reputed to have inflicted the most harm.
Update: Local chapters of the Better Business Bureau (BBB) are issuing warnings about the insecurity of Facebook and MySpace.
One strategy for employers is selective blocking, where only certain suspect sites are blocked, with a screen that reminds employees they are responsible for getting their work done.
–Ben Wright teaches computer security law at the SANS Institute.