A new worm, which downloads malicious code along with a picture of a "court jester", is making the rounds on Facebook.
According to IT security and control firm Sophos, the worm is downloaded by clicking on links in wall posts on Facebook profiles.
The picture of the court jester, with his tongue sticking out, is displayed when malicious code (identified as Troj/Agent-HJX) is accessed by clicking on an infected link.
Sophos says the links on Facebook urge users to click on them to view a clip that is hosted by a Google Web site.
"There has been a flurry of malicious e-mails recently posing as links to videos - so there's really no excuse not to know that this trick is being commonly used by hackers at the moment," says Sophos SA CEO Brett Myroff.
TimBukOne MD Jos Pols says the damage caused by malware varies, with the one extreme being a simple irritation to the victim and the other being devastation.
"The malware may just be adware and only be an irritation to the victim. It may also be truly devastating and could use the victim's computer to send spam, infect other computers, steal credit card or other private information, steal company proprietary data and information, or even to become part of a larger attack."
Myroff says companies might have to consider whether they should block Facebook in the workplace to beef up security, and not just to boost productivity. "If workers are allowed access to sites like Facebook, then it's vital that they do not put their personal and corporate data at risk, and that they are fully secured against Web-based infections."
Pols agrees, noting that employees must also be educated and trained, and proper policies must be put in place to ensure a safe environment. "But nothing is foolproof, and unwanted and malicious software is always going to find a way in. It is a game of attack and defend, attack and defend."

