Facebook malware is a real threat

In case anyone was in any doubt, hackers are using Facebook to spread spam and dangerous links to malicious websites.

We’ve discussed the threat before, but it is worth reiterating. And for me it was highlighted in a very personal way this week.

How? Well, a couple of days ago I received a group email at my personal Facebook account from an old acquaintance, cc’ing various other people.

Here’s a screenshot of what I saw. I’ve hidden some of the details to protect the innocent.

Malicious Facebook message.

If you were tempted to click on the link, you would be taken – after a couple of script redirections – to an all-too-familiar fake video page, pretending to be YouTube and offering a “secret video”. To view the video, the webpage tells you, you have to download a file called flash_update.exe, which Sophos detects as the Troj/Koobfa-A malware.
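For defenders, the chain described above (social-network link, script redirections, fake video page, bogus player update) leaves a recognisable trail in web proxy logs. The following is an added example, not Sophos code: the log layout, every hostname and the vendor allow-list are constructed assumptions, and it flags executables named like a player update that are served from a non-vendor host, then walks the Referer headers back to see where the visit began.

```python
import re
from urllib.parse import urlsplit

# Constructed proxy log: (client, requested URL, Referer header). Hosts are placeholders.
SAMPLE_LOG = [
    ("10.0.0.5", "http://www.facebook.com/inbox/", ""),
    ("10.0.0.5", "http://redirect-one.example/go?id=1", "http://www.facebook.com/inbox/"),
    ("10.0.0.5", "http://redirect-two.example/r", "http://redirect-one.example/go?id=1"),
    ("10.0.0.5", "http://fake-video.example/watch", "http://redirect-two.example/r"),
    ("10.0.0.5", "http://fake-video.example/flash_update.exe", "http://fake-video.example/watch"),
    ("10.0.0.9", "http://fpdownload.adobe.com/flash_update.exe", "http://www.adobe.com/"),
    ("10.0.0.9", "http://files.example/report.exe", "http://intranet.example/"),
]

# Executable names posing as a player or codec update, as in the lure described above.
LURE_NAME = re.compile(r"(flash|player|codec)[\w.-]*\.exe$", re.I)
VENDOR_DOMAINS = ("adobe.com",)    # assumption: where genuine updates are served from
SOCIAL_DOMAINS = ("facebook.com",)

def in_domains(url, domains):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)

def referer_chain(client, url, log, max_hops=10):
    """Walk Referer headers backwards from url for one client; oldest hop first."""
    referers = {u: r for c, u, r in log if c == client}
    chain = [url]
    while referers.get(chain[-1]) and len(chain) <= max_hops:
        previous = referers[chain[-1]]
        if previous in chain:      # guard against referer loops
            break
        chain.append(previous)
    return chain[::-1]

def find_fake_updates(log):
    findings = []
    for client, url, _ in log:
        name = urlsplit(url).path.rsplit("/", 1)[-1]
        if LURE_NAME.search(name) and not in_domains(url, VENDOR_DOMAINS):
            chain = referer_chain(client, url, log)
            findings.append({"client": client, "url": url, "hops": len(chain) - 1,
                             "from_social": in_domains(chain[0], SOCIAL_DOMAINS)})
    return findings

if __name__ == "__main__":
    for finding in find_fake_updates(SAMPLE_LOG):
        print(finding)
```

Referer headers can be stripped or missing, so a short chain does not clear a download; the filename and serving-host mismatch is the primary signal here.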

Now, I’m not some kind of social-networking tart – in fact, I have fewer than 80 connections on Facebook. (I’ve seen people who claim to have over 1000 Facebook friends in the past.) So, if I’m getting dangerous messages like this sent to me via Facebook, then chances are that some of the people you know are too.

Are you sure that they’ll be able to resist clicking on the link? I believe that users of social networks might be far more willing to open strange emails like this one because they have come from “a friend”, even if your friend isn’t the one who consciously sent it.

People need to be as much on their guard when communicating via social networks and virtual worlds as they should be with regular email and on the public World Wide Web.