Up to 1800 profiles hit by malware attack, says Facebook

Yesterday I posted about the malicious links that were being seen on Facebook users’ walls, pointing to webpages containing a Trojan horse. The latest malware seen affecting Facebook users displays a picture of a court jester sticking his tongue out at the infected user while a Trojan horse does its work silently in the background.

The security team at Facebook has overnight published a blog entry discussing the problem and advising its members about the importance of properly securing their accounts. According to the blog entry, Facebook has identified and blocked the ability to link to the malicious websites and “less than .002 percent of people on Facebook have been affected, all of whom [were] notified and suggested steps to remove the malware.”

Less than 0.002 percent? As Facebook’s latest stats say they have over 90 million users, that suggests that “less than” 1800 Facebook members’ profiles were affected. Not an insignificant number.

So the true figure must be more than 900 people hit, as otherwise Facebook would surely have said less than 0.001 percent.

Facebook statistics, August 2008

The only other possible reading is that Facebook hasn’t got over 90 million active members.

Moving on, it would be good if the guys in the Facebook security team gave tips on how users could secure their systems before they get infected, rather than telling people what to do if they suspect a virus infection. After all, prevention is much better than cure.

Scanning the webpages your employees access, defending your PCs with firewalls, patches and up-to-date anti-virus software, and remembering never to install unknown executable code on your computer (especially if you are pushed to do it via an unsolicited message) are key.

A year ago, a survey conducted by Sophos found that 50 percent of companies (who took part in the poll) were blocking access to Facebook.

I wonder what that figure is today? If you have an opinion on how and if Facebook access should be controlled in the workplace, why not drop me a line?

Erratum: The first version of this blog post had a higher figure for the total number of possible Facebook users affected. That’s my fault for trying to work out percentages before I have had my morning shower. I’m sorry, and I’ll remember to double-check my calculations next time (or throw cold water on my face before posting).