Although it’s barely a month into 2012, there is a lot going on with security and privacy on the world’s most popular social networking site — Facebook. Intersections’ Consumer Security Adviser, Neal O’Farrell is here today to give us an update on several new Facebook security issues.
2012 has already been an interesting year for Facebook security, with the emergence of some dangerous new scams and the unmasking of one of Facebook's most notorious cyber gangs.
In case you never heard of Koobface, it's a piece of malware that first emerged in 2008 and quickly infected millions of users. Users were tricked into downloading the malware by clicking on infected links on Facebook pages with messages like "Lol, is this you in this video?" These users were then enlisted into a giant international bot network of hijacked computers, at one point numbering close to one million computers, which in turn were used to engage in a variety of criminal activities that including pedaling fake anti-virus software.
The Koobface gang, as they became known, were able to generate millions of dollars in criminal gains, and all the while working out in the open, in plain sight, in the Russian city of St Petersburg. That is, until January 16, 2012 when the
New York Times and other outlets identified the five members of the gang and posted their photos across the world.
Apparently that did the trick, because Facebook just reported that they had finally wiped all traces of Koobface from Facebook, and that the command and control servers used to manage this massive criminal network appear to have gone silent.
But if everyone knows who these criminal are, and have known for some time, why were they not arrested? In a statement from Russian authorities, the answer is simple — no-one ever bothered to ask them to investigate or arrest them. While that's probably not the case, and Russian authorities have probably known about and tolerated the gang for years, it reminds us once again why so many of the world's most notorious hacking gangs work unimpeded from behind the Russian border.
But that might have been the only good news on the security front for Facebook. Just last week we talked about a dangerous new worm called Ramnit, which had apparently been merged with the highly dangerous Zeus banking Trojan and stealing Facebook passwords in the expectation (probably correct) that many Facebook users use the same password on other sites, such as their online banking.
And that was followed by a Facebook ransomware attack, where Facebook users received messages claiming that as a result of some unusual activity their Faceook account had been suspended and they would have to pay a fee of around $30 in order to unlock it.
There are some important lessons to be learned here:
• Probably the only way to defeat all these Facebook threats that keep emerging is for everyone to stop using Facebook. Criminals are only targeting Facebook because it's easy to pick the pockets of such large crowds.
• It's like playing whack-a-mole with criminals. As soon as one gang or piece of malware has been neutralized, another takes its place. And often the replacement has learned from its predecessors, adapted itself, and become even more potent.
• It's still down to users. Facebook is doing all it can (I assume) to counter all these threats. But if you really do love Facebook, you can help - by being more cautious, vigilant, and cynical when it comes to any unusual messages you receive. And of course, a strong and well-protected password would be greatly appreciated too.
You can read details of the compelling Koobface expose here.
Learn more about identity theft protection.