Warning for Business, Corporate and School Computer Networks
Is Facebook safe enough for access by office computers? For many organizations, the answer is no. The bad news about the popular social network grows with each passing week. Facebook has been plagued with the Koobface worm (some call it a virus), which has through Facebook infected (or attempted to infect) work PCs.
Now Facebook faces the scrooge of the Dancing Girl. The Dancing Girl exploit arrives as an e-mail appearing to be a typical notification from Facebook, saying someone has left you a Facebook message. The rogue e-mail directs you, the victim, to click to see a video of a sexy dancing girl. If the victim clicks, he is taken to a fake, Facebook lookalike page, which instructs the victim to download a software upgrade so that the video can be viewed. But in truth the software to be downloaded is a group of damaging, malicious programs.
If an employer were to prevent (forbid) access to social network sites, then employees would not be tempted to fall for tricks like this. To say it a different way: failure to prohibit Facebook and Myspace can promote a lax computing environment in the office.
Local chapters of the Better Business Bureau (such as the Hawaii chapter and the Chicago & Northern Illinois chapter) have issued warnings about the transmission of malware and the propagation of other threats through social networks, especially Facebook. Among other scams, bogus posts to a victim’s “wall” can link to dangerous external web pages, which might try to install malicious software through the victim’s web browser.
The Maryland General Assembly blocked its network users from access to social networks, especially Facebook.
Update: Recent research compares the success rates for propagation of malware via e-mail and via social networks. Hacker are ten times more successful on social networks sites.
At the SANS Institute, Mr. Wright teaches IT administrators how to stay out of jail.