Facebook Security Team Fighting New Worms

August 8th, 2008

By Justin Smith

While websites can take many steps to ensure their own code is secure, there’s often no way to completely prevent malicious code running on client computers from abusing stolen website credentials. That’s exactly the type of problem Facebook’s security team has been dealing with over the past two days, as at least two variants on new worms have been spreading to thousands of users across the site.

Responding to the situation, Facebook’s Head of Security Max Kelly said in the company blog earlier tonight,

We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on Walls urging users to view a video that pretends to be hosted on a Google or YouTube website. We’ve identified and blocked the ability to link to the malicious websites from anywhere on Facebook. Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware.

Kelly encourages Facebook users to never share their password and report any suspicious activity.

While Facebook hasn’t experienced widespread worm abuse in the past, it must continue to invest in early-warning detection systems to shut down these kinds of attacks before they spread very far in order to preserve the trust users place in the company to manage and store great amounts of personal information.

Check out The Facebook Marketing Bible: 50+ Ways to Market Your Brand, Company, Product, or Service Inside Facebook.

Digg this

Bookmark on Delicious

Filed in Business, Facebook

Inside Facebook Sponsors

9 Responses to “Facebook Security Team Fighting New Worms”

Matt Huggins Says:
August 8th, 2008 at 11:26 am
“…all of whom we notified and suggested steps to remove the malware.”

Yeah, that’s not true. I had this happen to me, and all my friends were spammed through my account, but I never received any sort of notification from Facebook. Hopefully what I did took care of the problem, but I guess I won’t know since Facebook didn’t contact me.
Secret Crush Worm Resurfaces | Stay N' Alive Says:
August 10th, 2008 at 11:30 pm
[...] and several other publications recently blogged about new worms surfacing that target Facebook through various means. Some are [...]
Cyber Log | Detektywi w wirtualnym świecie Says:
August 13th, 2008 at 11:26 am
[...] Źródło: Inside Facebook [...]
Inside Facebook » Update: Facebook Security Fighting Koobface Worm, Chain Letters Says:
August 26th, 2008 at 12:01 am
[...] many users are aware, Facebook has been fighting mounting security threats in recent weeks. Developers and analysts alike want to know more about [...]
M.Willits Says:
August 27th, 2008 at 5:07 am
Facebook didn’t contact my friend, who found out through a few angry friends that they’d been spammed on their walls.
Facebook should send out a general notice to all its users, but I suppose that’s bad for business.
H White Says:
August 30th, 2008 at 5:39 am
Facebook didn’t contact me either and i have had 2 messages containing these worms, not happy!!!!
nims Says:
January 16th, 2009 at 6:59 am
Facebook didn’t contact me 2!!!!!!!!!!!!
Abigail Says:
June 21st, 2009 at 4:59 am
Yes my name is abigail floyd and im trying to get someone from a face book team to reactivate my account cause its been disabled for about 3 weeks now. I know why its been disabled and i just wan’t to apoligize for that and i promise that will never happen again:) Happy fathers day!!! <3 xx

-Abigail floyd
Angela Says:
January 21st, 2010 at 1:21 am
I haven’t been on here for a while. cancer. But anyways, I was adding friends I knew, and facebook stopped me and said I was reported for abusive and illegal use. It also said my acct. was flagged. Please don’t delete anything or shut me down. I don’t understand what I did? what ever I did, I’m sorry!! this is my only way to comunicate with my friends. I’m home bound, & alot of times in bed. I am a good person & wouldn’t ever abuse anything or anyone. sorry