Sophos stops new version of Koobface social networking worm

Filed Under: Facebook, Malware, Social networks

Book face
Our friends at Trend Micro are in the news today talking about a new variant of the Koobface worm which is capable of spreading via Facebook, MySpace, Bebo and other social networking sites.

It's the typical fare - a message apparently sent by a friend of yours on the social networking site invites you to check out a video. However, when you click on the link you are taken to a website posing as YouTube that encourages you to download an updated version of the Adobe Flash Player plugin.

Of course, that downloaded file is in fact a Trojan horse. Sophos proactively detects it as W32/Koobfa-Gen without requiring an update.

What's perhaps more interesting to me is that in an interview with the BBC today, Facebook founder Mark Zuckerberg says that they will not be introducing a system of "vetting" before allowing third-party applications to be added to the site.

This news comes in the wake of incidents we have seen in the last week or two where third-party Facebook applications like "Error Check System" and "F a c e b o o k -- closing down !!!" have used underhand tactics to gain users and access to individuals' profiles.

I think it's a little impractical to expect Facebook to check every single application that its users upload to its site, in the hope that they might uncover some mischievousness, but that doesn't mean Facebook should do nothing.

My proposal would be that Facebook application developers would need to jump through several hoops before they were approved to unleash their applications on the networks' 150 million plus users.

The first thing would be that anyone wanting to write a Facebook application would have to prove their identity and contact details. Yes, you heard me - not just an email address!

And then they sign an agreement with Facebook, accepting their terms and conditions, before they can become an authorised Facebook third-party developer.

After all, I remember writing an application for Facebook as an experiment and was amazed that within minutes it was available for the whole world to run, without Facebook having to know anything about me other than a webmail address.

You could even stagger roll-outs. So, if you are a brand new third party developer on Facebook your application is only available to x% of users for the first y% of days, and slowly the percentage of people who can run your application slowly builds up. That would help stem the success of malicious applications, and give the community an opportunity to highlight troublesome code that may be up to no good.

My suspicion is that an authorised developer system would have other benefits besides giving the authorities more of a trail when an app "goes bad" - it could also perhaps improve the quality of the average Facebook app!

* Image source: Max-B's Flickr photostream (Creative Commons 2.0)

, ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.