Facebook users struck by new 'court jester' malware attack

Posts on your Facebook wall may lead to Trojan horse infection, says Sophos
Johannesburg, 11 Aug 2008

IT security and control firm Sophos is warning users of Facebook to exercise caution when clicking on links in wall posts, following an attempt by hackers to infect computers by spreading messages containing malicious links on the popular social networking Web site.

Messages left on Facebook users' walls are urging members to view a video (which pretends to be hosted on a Google Web site), but clicking on the link and visiting the Web page actually takes users to a site which asks them to download an executable to watch the movie. Sophos warns that the dangerous Facebook messages include a link to a third-party Web site of the form: 'h__p://www.google.com.id. [removed] .cn/gallery.php?id=...'

The executable file, detected by Sophos as the Troj/Dloadr-BPL Trojan horse, then downloads further malicious code (detected as Troj/Agent-HJX), and displays an innocent image of a court jester sticking his tongue out.
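The link form quoted above works because a trusted name ('www.google.com') sits at the left of the hostname while the site is actually registered under a different domain on the right. The following check flags that pattern; it is an added example, not code from Sophos, and the `TRUSTED` list, the function names and the sample hostname (a reserved `.example` name standing in for the removed portion) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list for this example; a real gateway would use its own.
TRUSTED = ("google.com", "facebook.com")

def hostname_of(link: str) -> str:
    """Return the lower-cased hostname, accepting defanged 'h__p'/'hxxp' schemes."""
    link = re.sub(r"^h(?:__|xx)p", "http", link.strip(), flags=re.I)
    if "://" not in link:
        link = "//" + link          # let urlsplit treat a bare host as netloc
    return (urlsplit(link).hostname or "").rstrip(".").lower()

def impersonated_domain(link: str, trusted=TRUSTED):
    """Return the trusted domain a link's hostname imitates, or None.

    A hostname that *ends* with a trusted domain really belongs to it.
    A hostname that contains the trusted labels further to the left,
    followed by other labels, only looks like it does.
    """
    host = hostname_of(link)
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return None             # genuinely under a trusted domain
    labels = host.split(".")
    for domain in trusted:
        want = domain.split(".")
        # Slide over every position except the final one (a true suffix).
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return domain
    return None

if __name__ == "__main__":
    # Constructed samples; '.example' is a reserved, non-resolving TLD.
    for sample in (
        "h__p://www.google.com.id.removed.example/gallery.php?id=1",
        "http://video.google.com/watch",
        "http://news.example/google.com/story",
    ):
        print(sample, "->", impersonated_domain(sample))
```

Only the hostname is examined, so a trusted name that appears in the path or query string of an unrelated site is not reported.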

"Clicking on links in messages can lead to a malware infection, whether the messages are in your e-mail or on a site like Facebook. There has been a flurry of malicious e-mails recently posing as links to videos - so there's really no excuse not to know that this trick is being commonly used by hackers at the moment," says Brett Myroff, CEO of regional Sophos distributor, Sophos South Africa.

"Companies will once again be considering whether it's time to block Facebook in the workplace - not just for the usual productivity reasons, but because of the security threats that sites like this may pose to their organisation."

Sophos experts believe that businesses need to set policies regarding Facebook usage, and implement Web security solutions, to prevent dangers entering the workplace.

"Companies need to make up their own mind as to whether their users should be allowed to access Web sites like Facebook and MySpace during office hours. If workers are allowed access to these sites, then it's vital that they do not put their personal and corporate data at risk, and that they are fully secured against Web-based infections," says Myroff. "The best defence is for businesses to protect themselves with a Web security and control appliance which can filter Internet access and prevent the downloading of malicious code."

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at their e-mail and Web gateways to defend against viruses and spam.

For more information, and an image of the court jester displayed by the malware, please visit the SophosLabs blog: http://www.sophos.com/security/blog/2008/08/1632.html.

Sophos South Africa

NetXactics, trading as Sophos South Africa, is a South African-based company focused on the provision of security solutions. It is the master distributor for UK-based Sophos Plc, one of the leaders in the provision of network access control and endpoint, e-mail and Web security and control solutions for the corporate environment. For more information, visit Sophos South Africa at www.sophos.co.za.

Sophos

Sophos enables enterprises worldwide to secure and control their IT infrastructure. Our network access control, endpoint, Web and e-mail solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, we protect over 100 million users in nearly 150 countries with our reliably engineered security solutions and services. Recognised for our high level of customer satisfaction, we have an enviable history of industry awards, reviews and certifications. Sophos is headquartered in Boston, Maryland and Oxford, UK.

Editorial contacts

Adriaan du Plessis
Me Talk Pretty
(011) 447 3785
metalkpretty@telkomsa.net
Brett Myroff
Sophos South Africa
(011) 444 4000
brettm@netxactics.co.za