Peter G (sinetimore) wrote,
Peter G

If You Can't Trust Your Friends (List)

I'm reminded of the idea that, you could live in Fort Knox, but if you keep leaving the front door open, all the security in the world won't do dick for you.

Facebook has had a very bad week.  Four different apps have popped up, trying to phish people's usernames and passwords (not that it's necessary in many cases, as Sarah Palin found out during the election and Paris Hilton found out long ago).  And now, there's a new variant of he Koobface worm running around.  A link to a fake YouTube video sends computers to a remote site where fake Codec trojans are installed and that autoinstalls the worm (oh, THAT'S a new trick).  It then scours social networking cookies and makes a DNS query to check IP addresses that correspond to remote domains.  Those servers then send and receive information about the machine and the machine is RPC'ed.  With the information stroed in the cookies, the worm searches for the friends list.  Once found, it sends an HTTP POST request, sending a message to the friend with the bogus link to infect their machine.  Obviously, the purpose is to create a botnet.  An earlier version of this has already bounced through MySpace.

Those of you that know me know what I'm going to say next -- this wouldn't happen if they ran Linux.

It's actually interesting, because it is sidestepping e-mail security.  Suspicious e-mails or strange links?  People have learned to think twice before opening them or clicking them.  But on a social networking site?  There's a little less caution.  The self-defense advice is the standard keep your AV up to date, don't click on strange links, don't install codecs from questionable sources, blah blah blah.  Happy networking, kids!
Tags: computers, important life lessons, news
  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded