Facebook infested with new worm; More proof site is insecure?

Summary: Facebook is infested with a new worm, hijacking status updates and spreading like wildfire to other users. Another bit of evidence towards Facebook being insecure, and lax with user privacy and data?

Facebook is littered with a worm, seemingly the same one under different names, created by randomly generated developers, which is spreading links all over the site.

Applications like S22BZ5, created by the randomly assigned pseudonym 'Jackson Lasseter', have nearly 300 people in the grip of the worm. Others, such as the replicated applications B5DA8G, 9IHJ35 and AU0ZVE, have just under 1,000 people inadvertently spreading the worm.

Just in the last 24 hours, I have seen my own friends' list infiltrated by these worm applications which set status messages via the application without the knowledge of the profile owner, through a shortened link service with an infected GIF file.

A quick Facebook search for 'tiny.cc' and 'is.gd', two link shortening services, shows a great deal of worry and concern over

Links seem to run through imgcrave.info and imgpant.info which then direct the user to an ordinary, legitimate website like Google or YouTube. Once this is done, your Facebook will be compromised, though this only seems to work on a Windows machine.

The statistics on the tiny.cc webpage alone show nearly 1,000 Facebook users clicking the spam link, with most being unique account holders running Windows with Firefox or Internet Explorer.

Running a WHOIS on both domains seems to pull up the registered details of a person living in the north of the United Kingdom, with the website based on a server in Denmark. This could fit, considering the aforementioned statistics show more people in the UK being hit by the worm.

This could however be a complicated 'revenge' attack on this person, considering any hacker or malware writer would surely not be stupid enough to leave their own details on a WHOIS record. This is speculation, however.

Once again, this shows Facebook will allow unverified applications that act in a worm- or malware-like fashion, and will allow individual user privacy to be compromised by anyone who can slap together a simple application.

Have you found yourself compromised by a worm application like this? Did you manage to remove it, or did it leave malware on your computer?

Topics: Social Enterprise, Security


Talkback

46 comments
  • RE: Facebook infested with new worm; More proof site is insecure?

    I do not do facebook however the attack does not mean it is insecure.
    Any "secure site" no matter how secure can be broken into if enough people try hard enough, that does not make it insecure it makes it broken into.
    Insecure is if it is easy or has no security at all like many people's WiFi.
    Facebook is popular so who knows how many people try very hard every second to get in.
    MoeFugger
    • RE: Facebook infested with new worm; More proof site is insecure?

      @MoeFugger It's the argument about Facebook's lack of checks and validation of applications, allowing developers to easily create and roll out applications used for spam and malware. iTunes and BlackBerry App World both make sure that applications are verified; Facebook doesn't.
      zwhittaker
      • RE: Facebook infested with new worm; More proof site is insecure?

        @zwhittaker

        This is the proof that Facebook really does not give a damn about their customers. It is such an obvious security hole, yet they do nothing to plug it.

        This is why, when to my horror, I saw a cute young thing in a Starbucks using her laptop for both facebook and home banking, I explained the risk to her, explaining why I am a "Facebook refusenik", why I would certainly never use Facebook on the same machine as home banking, even with Avira and Superantispyware (which I also recommended to her).
        mejohnsn
    • RE: Facebook infested with new worm; More proof site is insecure?

      @MoeFugger

      they sure are tight about any post regarding it. I tried to post a link to this blog, won't take it. tried to post a portion of this text, rejected. seems they really don't want their users to know
      SandisUnicorns
      • RE: Facebook infested with new worm; More proof site is insecure?

        @SandisUnicorns

        I just posted a link to this article with no problems.
        huygens1962
      • RE: Facebook infested with new worm; More proof site is insecure?

        @SandisUnicorns I was also blocked with the message that the content I was trying to post was abusive or spammy. It may have been because I quoted a short bit of text with the phrase "Links seem to run through imgcrave.info and imgpant.info" in the content box.
        big red one
      • RE: Facebook infested with new worm; More proof site is insecure?

        @SandisUnicorns I also just posted a link to this article with no issues at all. How and on what part of fb are you posting yours?
        Graham Ellison
    • RE: Facebook infested with new worm; More proof site is insecure?

      @MoeFugger

      I'm with you. At least when myspace had this issue, what three years ago, they redirected all links to pass through a page that says "hey you are leaving our site and could be at risk" ..

      Sad thing is, that was three years ago and people are still too stupid to know the difference.
      TruXter
  • RE: Facebook infested with new worm; More proof site is insecure?

    Inevitable privacy lapses are the only reason I can't use facebook anymore, even though I might need to. Compromising the privacy of 100 million users is something that is unacceptable. Facebook just isn't secure enough and privacy is a huge concern for me. I've been waiting for new social networking platforms such as MyCube and Diaspora, which seem very promising in terms of privacy. I really hope they live up to their promise and we can be assured of our privacy online.
    vishal_bhardhwaj
    • RE: Facebook infested with new worm; More proof site is insecure?

      @vishal_bhardhwaj 500 million. That's a bit scary.
      zwhittaker
    • RE: Facebook infested with new worm; More proof site is insecure?

      @vishal_bhardhwaj, I don't necessarily disagree with you in concept, but the weak link in facebook is applications. Don't use untrusted applications, and there is little chance of some random entity being able to access your profile. Knowing when to trust an application; high profile applications are usually trustworthy for example farmville, since they have a purpose other than injecting malware and don't want to compromise that purpose by being accused of being malware. Sure they are a bit spammy, but harmless. I don't accept such application's requests from friends, but only because they litter my facebook with something I have nothing to do with. Low profile applications need more care taken when allowing access to your facebook.
      pitdroidtech
      • RE: Farmville, trustworthy...

        @max_wedge Sorry to tell you Max, but Farmville is Facebook's LEAST trustworthy app to date. Because it is their biggest draw, it's also their biggest TARGET! (you have to think like a hacker here, if only just a minute... which would you rather attack... the program that has several hundred thousand players giving up their data without a second thought, or the other little bitty game with only a few hundred?) Oh, and speaking of players giving up their data, did I mention that Zynga, the developer OF Farmville, was (last I heard) being SUED for SELLING players' data to the highest bidder? That's a trustworthy program, eh?
        EnKrptyed
    • RE: Facebook infested with new worm; More proof site is insecure?

      @vishal_bhardhwaj
      facebook is becoming unfortunately a necessary evil... Using linux does reduce the risks associated with these rogue apps. If you're an avid windows fan, install a virtualised Linux OS and use facebook there.
      qbicdesign
      • RE: Facebook infested with new worm; More proof site is insecure?

        @qbicdesign ... There's no such thing as a necessary evil ... only bad ideas people accept because they believe they have to. Dare to believe that you never have to invest in a bad idea just because millions of others have.
        Trep Ford
      • RE: Facebook infested with new worm; More proof site is insecure?

        @qbicdesign How would I go about installing virtual Linux OS. I am not really a windows fan, but I am 65 & only use FB because of my kids.
        My E is: minor@bresnan.net Many thanks, Rick
        juvii
      • RE: Facebook infested with new worm; More proof site is insecure?

        @qbicdesign Seriously, run a virtualised OS just to play Farmville? :P Talk about a bloated browser! This sort of attack can be targeted at any OS if they have a specific vulnerability; the article mentions an infected GIF, so maybe it is browser-specific. Using Chrome on Windows is your best bet at protecting yourself I guess, disable Java if you don't need it for banking or something. Obviously you need Flash for playing Facebook games, and Javascript is a must these days.
        msandersen
      • RE: Facebook infested with new worm; More proof site is insecure?

        @juvii your best bet is if you have a techie relative. Seriously, it is a silly thing having to run another OS in a virtual machine just to use a browser more securely. There are instances where some might do it, but just to use Facebook or play its games and if you are not technically inclined, not worth it... just be aware that there are scammers and hackers out there, that some might want to make Friends with you and chat you up and eventually ask for money with some sob story, or post links to dangerous sites. Actual friends can have their profile stolen or become infected as mentioned and unknowingly spam links. I have a deaf friend and there are lowlife scammers targeting the deaf community trying to fool them into thinking they've won something if they will only pay some deposit, hand over personal information or something. Mostly it will not be a problem, just worth being vigilant.
        msandersen
      • Virtual Linux

        @juvii Go to http://wubi.sourceforge.net/ to try out Linux. But be careful, you might get spoiled.
        p.s. I'm 63
        james.vandamme
      • RE: Facebook infested with new worm; More proof site is insecure?

        @qbicdesign

        By no means is it a -necessary- anything. I am a successful Facebook Refusenik.
        mejohnsn
  • New attack vector

    Probably just stating the obvious, but the part I find more worrisome is not that it's indirectly going thru Facebook, but that "Short URL" providers like TinyURL, Tiny.CC and others are creating convenient ways to obscure the actual URLs.

    Are there any browser add-ins which can decode/decrypt these URLs on the fly BEFORE you click them? It wouldn't help the masses of people who blindly click on stuff, but it would help those who are more self-aware and want to "sniff" the URL before clicking it.
    ZStoner
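
Added example, not part of the article or of any comment above: one way to inspect a shortened link before opening it is to walk its redirect chain with HEAD requests, never following automatically and never downloading a body, and to list any hosts hidden between the shortener and the landing page. The function names and the `.example` hosts are constructed for illustration.

```python
import http.client
from urllib.parse import urljoin, urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def head_once(url, timeout=5):
    """One HEAD request, no auto-follow, no body: returns (status, Location or None)."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https"):
        raise ValueError("refusing non-HTTP scheme: " + url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=timeout)
    try:
        conn.request("HEAD", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def expand(url, fetch=head_once, max_hops=10):
    """Walk the redirect chain hop by hop; returns [(url, status), ...]."""
    hops, seen = [], set()
    while url not in seen and len(hops) < max_hops:  # stop on loops and long chains
        seen.add(url)
        status, location = fetch(url)
        hops.append((url, status))
        if status not in REDIRECTS or not location:
            break
        url = urljoin(url, location)  # Location may be relative
    return hops

def hidden_hosts(hops):
    """Hosts inside the chain that are neither the shortener nor the landing site."""
    hosts = [urlsplit(u).hostname for u, _ in hops]
    middle = (h for h in hosts[1:-1] if h not in (hosts[0], hosts[-1]))
    return list(dict.fromkeys(middle))  # de-duplicate, keep order

# Constructed sample chain (placeholder hosts, not data from the article).
SAMPLE = {
    "http://short.example/abc": (301, "http://img-hop.example/x.gif"),
    "http://img-hop.example/x.gif": (302, "/go?id=1"),
    "http://img-hop.example/go?id=1": (302, "http://video.example/watch"),
    "http://video.example/watch": (200, None),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    chain = expand("http://short.example/abc", fetch=sample_fetch)
    print(chain, "passes through:", hidden_hosts(chain))
```

This only sees HTTP-level redirects; a hop that redirects through JavaScript or a meta refresh, or that answers HEAD differently from GET, will appear as the end of the chain.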