August 8

Don’t Ignore the Facebook Virus

By David E. Stern, CISSP

Every day, dozens of new vulnerability or virus alerts are released to warn and inform the public. The IT community, including those in IT security have become fairly numb to these alerts. For the most part, as long as patches are pushed out, and antivirus signatures are kept up to date, these releases make little impact. The occasional worm or botnet will grab headlines, but the accompanying vigilance soon fades. It’s an unfortunate consequence of the virulent Internet environment.

I have never had much interest in using my Facebook account, so when I saw the advisory relating to Facebook and Myspace virus activity, I let it fade into the background noise. In fact, my inbox was filling up with “silly” Facebook notifications to the point of annoyance, so I logged in with the intention of clearing out my connections. Taking stock of the large number of friend associations that I had led me to an AHA moment; EVERYONE uses Facebook.

Facebook isn’t just a toy for feinding teens. It is used by people of all ages on all of their computers, whether at work or at home. It is a fertile breeding ground and conduit for Web 2.0 content. In this case, it is the perfect launch pad for a worm: huge market penetration and a very large and mainly clueless wetware population.

The same can certainly be said about most other virus outbreaks. But in the case of Facebook, there are simply too many good reasons to make that fateful click. Users may think twice about falling for a phishing scam or even clicking on the dancing pig, but Facebook is the forbidden apple. I am not advocating taking any actions against Facebook use. The resulting effort would be a waste of time.

Consider the following example: A toy manufacturer announces a recall of a popular toy due to dangerous chemical contained within. Your child doesn’t have the toy, but you will probably want to make sure that his school and friends don’t have it either.

Take the time to generate an internal email blast warning all employees to be extra careful. Spend a little more time looking at security logs. Finally, take a walk over to the help desk manager and ask him to keep an eye out for increased ticket volume.

Don’t ignore this one.


Tags

security


You may also like

Are you using frameworks properly?

Leadership and communication are actually layers, not levels

  1. This week I added a service called “Risks in the News” on my new website, called The Streetwise Security Zone (at http://www.streetwise-security-zone.com). The service blasts out short, “business-oriented” bulletins to members about new and pervasive risks that they might not otherwise see.

    My first bulletin was about the Facebook virus, and the next day I got a great testimonial from somebody who’d just joined. He had seen the bulletin and later saw the suspicious message from a friend of his on Facebook. He says it almost certainly would have infected his system without the advance warning.

    I think there’s a big disconnect between the security community and the rest of the world, mostly because people are just too confused by the technology and complexity flying around. This makes me think of a saying I heard last week: “A confused mind says NO”.

  2. This week I added a service called “Risks in the News” on my new website, called The Streetwise Security Zone (at http://www.streetwise-security-zone.com). The service blasts out short, “business-oriented” bulletins to members about new and pervasive risks that they might not otherwise see.

    My first bulletin was about the Facebook virus, and the next day I got a great testimonial from somebody who’d just joined. He had seen the bulletin and later saw the suspicious message from a friend of his on Facebook. He says it almost certainly would have infected his system without the advance warning.

    I think there’s a big disconnect between the security community and the rest of the world, mostly because people are just too confused by the technology and complexity flying around. This makes me think of a saying I heard last week: “A confused mind says NO”.

Comments are closed.
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!