Security firm warns of malware attack on Facebook

Very few details are available about what appears to be a different attack than one discovered last week, which also propagated through Facebook wall posts.

Caroline McCarthy Former Staff writer, CNET News
Caroline McCarthy, a CNET News staff writer, is a downtown Manhattanite happily addicted to social-media tools and restaurant blogs. Her pre-CNET resume includes interning at an IT security firm and brewing cappuccinos.
Caroline McCarthy
2 min read

Sophos, a security software and research firm, has warned that social network Facebook is the battleground for a new malware attack targeting members' comment "walls."

Public wall posts purporting to be from someone on a user's friends list invite the user to click on some kind of video or image, and the URL appears to lead to something hosted on Google.com. That's a spoof--it really directs to a grinning photo of a court jester sticking out its tongue--and a downloaded Trojan. Sophos has not said what the worm then does.

Facebook representatives were not immediately available for comment.

Sophos says that this is probably not the same as a social-network worm that Kaspersky Labs flagged last week; Kaspersky confirmed on Friday that the two are different.

Additionally, Sophos says it has not yet completed its investigation of the issue and has said that the worm may not be restricted to Facebook. "Whether this really is a Facebook worm, and not simply malware being distributed via Facebook spam remains to be seen," a blog post by Sophos researcher Fraser Howard read.

In the past, Sophos has warned of social networks' potential as Petri dishes for malicious attacks, and has put out a general warning to companies that security issues might be a graver issue than productivity when it comes to choosing whether to block access to these sites at the office. "Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours," Sophos analyst Graham Cluley said in a release.

"If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk, and are protected from web-based infections."

This post was updated at 12:14 p.m. PT with comment from Kaspersky Labs.