That isn't really your friend: hijacking users in Facebook and how to protect yourself

This won't come as a surprise to many of you, but Facebook has become the land of opportunity for bad folks trying to load nasty things onto your computer. I have had 3 Facebook friends send me messages that were obviously either simply spam or hijacked sites with downloaders (scripts that load bad programs onto your computer) and I've seen Wall postings on scores of other friends sites that were obviously the same. Now, I have personally received Facebook mail, chat, and Wall messages in this vein.

Some news reports on the topic: 1, 2

I like to think of myself as rather tech savvy, but I nearly click on these links too. I would never do that in my email, but Facebook is a place where we are all friends, right? And I'm not even a teenybopper with 400 friends, most of whom I hardly know; I know all of my friends in Facebook well. This is why I feel almost obligated to click on a link that they send. This is something that those bad folks are counting on and we all have to retrain ourselves.

Below is an edited and slightly expanded copy of a message that I sent one of those friends who asked how she could protect herself. The advice below is certainly not extensive, but I believe that it does cover the basics. If you have anything to add, please do so in the comments.

What to look for:

(1) Messages with just a link and no description (which means that when you send links to other people you should include descriptions).

(2) Links to websites that are not major media/tech companies or something that you know is your friend's website. Websites like CNN, MSNBC, Youtube, Flickr, and so forth are ok. Sites like geocities, msnspaces, and other sites that host free websites are not a good sign.

(3) Messages that just sound spamish--"Whoa! You gotta check this out," "I can't believe what this chick did," and the last one I got was "Someone posted a video of you being bad." (I almost fell for that one).

(4) Bad spelling and grammar. Now, you may have bad spelling and grammar yourself, but if you don't think that your friend does, don't click on it.


How to protect yourself:

(1) Most of these direct you to a website that has a script that loads something bad on your computer. This almost always comes through your browser (likely Internet Explorer), though it could come in through a host of other programs like Acrobat, Flash, or any other software on your computer that has a vulnerability that is not patched. Therefore, make sure that all of your software is updated. Most new applications have a "check for updates" option under the "Help" menu. It is especially important to have Windows and MS Office fully updated. This is where most of the bad stuff gets in.

(2) Drop Internet Explorer. It's just not worth the trouble. Firefox is the best out there in my opinion. It's also one of the safest (though nothing is perfectly safe).

(3) Invest in a good antivirus suite and keep it up to date.

(4) Make sure your firewall is turned on. It likely is, but make sure. If you are running XP service pack 2 or higher, the default is to have the firewall on.


What to do if friends report that you are sending strange messages in Facebook (and you really aren't):

(1) Contact all of your friends and tell them not to click on any links that you send, at least for a while.

(2) Change your FB password and possibly your email password that is associated with the account (they could have used that to get access through the password reminder function).

(3) Contact FB and tell them what's going on.

(4) Check all of your computers (home, work, and other) to make sure they are updated (especially the antivirus program) and run a scan.

What if a friend sends me one of these messages?

(1) Let them know immediately. They can likely stop them by simply changing their password. A little more work might be necessary if their computer has been compromised, though.

Am I safe now?

Not really. It might be that none of this works. Websites like Facebook are notoriously easy to hack for someone with a bit of energy and an ounce of know-how. It's really a numbers game, because you are always hoping that it's someone else and not you :) In the end, you just have to be a little careful and follow some basic rules and you will be a lot less likely to be a victim.


------------- UPDATE 11/15/2008 --------------
I just happened to run across Facebook's help section that makes people aware they what you are experiencing is likely a known virus (on your machine, not theirs). See Facebook info here on the Koobface worm. They point you to a Kaspersky notice that has much more information.

The short of it is that when you follow links to a bad site, it prompts you to download the most recent Flash application, but it's really a nice little virus that attacks both Facebook and MySpace sites.

How does it know your password? It doesn't have to. You're likely logged in already, which gives it access to everything it needs. It pillages your contacts and sends out a bunch more posts to the nasty Web page to infect more people. Really, if it weren't so nasty, I'd have to say it is genius.

------------- END UPDATE --------------------