On Tuesday, Fortinet put out an alert about the reemergence of the Koobface worm that was spreading malware to Facebook users earlier this year. Yesterday, Network World posted a nice piece by Robert McMillan giving some detail on the attack and why the simple defensive measures Facebook put in place earlier weren’t sufficient. This new variant also has all kinds of interesting hooks into Google, Picasa and YouTube to trick the user into accepting the malware download.
When we published the Gartner 2008 IT Security Threat Timeline earlier this year, we listed Social Network Subversion as a near term threat – meaning most enterprises will need to deal with it either this year or next year. This is another example of how the “Consumerization of IT” opens up huge new threat paths – the Facebooks and YouTubes of the world are consumer-grade services that are fairly easy to exploit.
We are losing the ability to block our users from going to those sites, so that simple strategy is no longer the answer. Facebook’s advice back in August ended in an old canard that we know doesn’t work, either:
Finally, just as in your off line community, be aware of your surroundings in your online community. If a user doesn’t seem right, or says or posts something that you feel is threatening or inappropriate, report it to us. (link)
My grandfather fell for “off line” attacks like Three Card Monte scams on street corners that 100 years later people are still falling far – telling users “be safe, be responsible” is proven time and time again not to make a difference. Controls and protection are needed – see ground fault interrupt breakers on electric outlets near water, vs. warning stickers.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.
Leave a Comment