Security Threat: Facebook and MySpace at Work

Koobface Virus Spreads among Office Workers

Employees (workers) visiting social networking sites are infecting workplace computers with viruses (or they are subjecting their computers to attempted infections).  Facebook and MySpace are known as breeding grounds for Koobface (technically classified as a “worm”).  Security is a reason for businesses, libraries and schools to block or limit access to social media web pages.

These are documented examples of Facebook being implicated in Koobface infections (or attempted infections) in the workplace or related to the workplace:

  • Richard Larmer, chief executive of RLM Public Relations in New York, had to replace his computer.
  • “[H]undreds of Boston journalists, ad execs and public relations professionals [such as Scott Farmelant of Mills and Co.] who use the popular social networking service have received a Facebook message that purports to link to compromising video of its recipient.”
  • A journalist at Washington City Paper haplessly clicked on a link purporting to be from a colleague at the paper, only to discover that the link caused an infection.

Koobface thrives in social networks because users think they can trust their friends.  The victim believes a trusted friend has left on her “Wall” a link to a video.  Her guard is down, so she clicks the link and then follows Koobface’s diabolical instructions to download a software update.  The worm infects the victim’s computer with malware that seeks to control the computer and steal personal information.

In addition to Facebook and Myspace, Koobface is reported to have infected other social networks, such as Bebo, Friendster, MyYearbook, and Blackplanet.  Experts predict more virus attacks through social web sites.

Although Koobface is not the first virus to spread through Facebook, it is the one that is reputed to have inflicted the most harm.

Update: Local chapters of the Better Business Bureau (BBB) are issuing warnings about the insecurity of Facebook and MySpace.

One strategy for employers is selective blocking, where only certain suspect sites are blocked, with a screen that reminds employees they are responsible for getting their work done.

–Ben Wright teaches computer security law at the SANS Institute.


8 Responses to “Security Threat: Facebook and MySpace at Work”

  1. CyberPatrol Blog » Social Networking Insecurity Says:

    […] Wright, an advisor to CyberPatrol, has published research about the infection of work computers by viruses spread through Facebook and […]

  2. Carina Says:

    So what are the solutions? May I trust Kaspersky and Panda to fight the threat?

  3. benjaminwright Says:

    Carina asks: “May I trust Kaspersky and Panda to fight the threat?” I believe anti-virus products like those can be very helpful. However, risk will still exist. For many small to mid-sized businesses, employers, schools, libraries and churches, it may be better just to block Web 2.0 sites until they improve their security. –Ben

  4. Vince Says:

    Doesn’t email pose the same threat? Bottom line is one has to be carefull with links regardless of the medium.

  5. Mike Says:

    I don’t believe restricting access to these social networks is the only solution here. Education is always the best solution in my mind. I can understand that fact that someone will trust a friend and click a link that said friend posted, but you should never install updates through these sites. If something is asking you to update a flash video or whatever, you should go to that programs website and check for updates there. It’s just ignorant to install an update of any sort through these sites. If people would just understand that then I think you wouldn’t see so many infections. That’s just my opinion.

  6. Facebook In-security « Internet Safety | How to Filter, Block, Monitor the World Wide Web Says:

    […]  The bad news about the popular social network grows with each passing week.  Facebook has been plagued with the Koobface worm (some call it a virus), which has through Facebook infected (or attempted to infect) work […]

  7. Forbid Twitter at Work? « Internet Safety | How to Filter, Block, Monitor the World Wide Web Says:

    […] To be sure:  much of the Twitter traffic and downloading attending to this stampede happened in the workplace, on office computers.  What a waste of employee time.  What a tax on business computers.  What a threat to security. […]

  8. Block Viruses Distributed by Web Pages « Internet Safety | How to Filter, Block, Monitor the World Wide Web Says:

    […] a small-to-medium enterprise like a business or library, protection of its computer network is not easy.  Hackers are constantly concocting new ways to […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: