IT security and control firm Sophos has warned users of Facebook
to exercise care, following an attempt by hackers to infect
computers by spreading messages containing malicious links on the
popular social networking website.
Messages left on Facebook users' walls are urging members to
view a video (which pretends to be hosted on a Google website), but
clicking on the link and visiting the webpage takes users to a site
which urges them to download an executable to watch the movie.
Sophos detects the executable file as the Troj/Dloadr-BPL Trojan
horse, which in turn downloads further malicious code (detected as
Troj/Agent-HJX), and displays an innocent image of a court jester
sticking his tongue out.
The animated image downloaded to infected
computers.
Sophos warns that the dangerous Facebook messages include a link
to a third party website of the form:
http://www.google.com.id. [removed]
.cn/gallery.php?id=...
"People have got to learn that clicking on links in messages to
websites can lead to a malware infection, whether the messages are
in your email or on a site like Facebook. There has been a flurry
of malicious emails recently posing as links to videos - so there's
really no excuse not to know of this trick being commonly used by
hackers at the moment," said Graham Cluley, senior
technology consultant for Sophos. "Companies will once again be
considering whether it's time to block Facebook in the workplace -
not just for the usual productivity reasons, but because of the
security threats that sites like this may pose to their
enterprise."
Sophos experts believe that companies need to set policies
regarding Facebook usage, and implement web security
solutions, to prevent dangers entering the workplace.
"Companies need to make their own mind up as to whether they
want to allow their users to access websites like Facebook and
MySpace during office hours. If workers are allowed to be given
access to these sites then it's vital that they do not put their
personal and corporate data at risk, and are protected from
web-based infections," explained Cluley. "The best defense is for
businesses to defend themselves with a web security and control
appliance which can filter internet access and prevent the
downloading of malicious code."
Last week, Sophos warned
about other malware using Facebook and MySpace in their attempt to
infect users.
Sophos recommends companies automatically update their corporate virus protection, and run a consolidated
solution at their email and web gateways to defend against viruses
and spam.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.