Archive for March, 2011

What to do with a Facebook worm

Thursday, March 3rd, 2011

I have been seeing a lot of them lately, so I figured it's about time to write something I can link to instead of repeating myself over and over again.

What are we talking about here? What is a worm? In the world of computers there are various types of malicious software, and the type that applies to this problem is called a “worm”. A worm copies itself from one system to the next without anyone installing it on purpose, which is what lets it infect a vast number of computers in a short time. Once it has infected a host (a computer, for example), it might do real damage, or just annoy the user with popups, deleted files, unexpected charges and so on. Why would anyone do this? To reach an audience, to make money with ads, to annoy others; the reasons vary.

So what is up with the Facebook worms? They behave much the same way. Instead of infecting the whole computer (hopefully), they infect a Facebook account by posting links on someone's profile or “liking” pages, which in turn shows up in the infected profile's feed. All of that person's friends get to see the “interesting” link, click it themselves, and BAM, the infection wave is rolling.

The normal procedure goes like this: someone sees an “interesting” link or page a friend posted (something with sex, because that sells, or humiliation, or funny stuff) and wants to check out the content. Clicking on the link or page redirects to an external web page which asks the user to “click here to continue” or “click here to play the movie”, or simply shows some button which the curious user will click.

That is the problem, because those sites use a trick called “clickjacking” (a play on hijacking). The page you see is a decoy: behind the visible “play” button sits an invisible frame (an HTML iframe made transparent with CSS) that loads a real Facebook element, typically a “Like” button or a share dialog, and since you are still logged in to Facebook in that browser, the click goes through as yours. JavaScript on the decoy page usually keeps the invisible frame positioned right under the mouse pointer, so wherever you click, you hit the hidden button. Nothing is posted “in the background” by magic; your own click, in your own session, does the posting, and there is no notification because from Facebook's point of view you simply clicked Like.
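As an added example (not code from the original post, and not Facebook's code), here is the decoy layout the paragraph above describes, next to the check a site operator would run to find out whether their pages can be framed at all, which is the precondition the worm relies on. The origins, URLs, header sets and page skeleton are all constructed for the example, and the header check is deliberately simplified as noted in the comments; it measures nothing about any real site.

```javascript
// Added example, not code from the original post. Everything below is
// constructed for illustration: the origins, the header sets and the page.

// 1. The decoy page. The victim sees a "play" button; a transparent iframe
//    loading the real target (a Like button or share dialog on a site where
//    the victim is logged in) is stacked on top of it, so the click lands
//    on the hidden frame. A script would normally move #target to follow
//    the mouse; a fixed position is enough to show the layering.
function buildDecoyPage(targetUrl) {
  return `<!doctype html>
<style>
  #bait   { position:absolute; top:200px; left:200px; width:160px; height:32px; }
  #target { position:absolute; top:190px; left:180px; width:300px; height:80px;
            opacity:0; z-index:2; border:0; }  /* invisible, but on top */
</style>
<button id="bait">click here to play the movie</button>
<iframe id="target" src="${targetUrl}"></iframe>`;
}

// 2. The defender's check: can a page served with these response headers be
//    framed by a top-level document at `topOrigin`? Rules implemented
//    (simplified):
//    - a CSP frame-ancestors directive, when present, is authoritative and
//      X-Frame-Options is ignored;
//    - otherwise X-Frame-Options DENY blocks everything and SAMEORIGIN allows
//      only the page's own origin;
//    - anything else (no header, or the legacy ALLOW-FROM, which Chromium and
//      Safari never implemented) is treated as no protection.
function parseFrameAncestors(csp) {
  for (const directive of csp.split(';')) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() === 'frame-ancestors') return parts.slice(1);
  }
  return null;
}

// Match one CSP host-source against the framing origin. Simplifications:
// a source without a scheme matches any scheme, and ports/paths are ignored.
function hostSourceMatches(source, topOrigin) {
  if (source === '*') return true;
  const top = new URL(topOrigin);
  let host = source;
  const m = source.match(/^([a-z][a-z0-9+.-]*):\/\/(.*)$/);
  if (m) {
    if (m[1] !== top.protocol.replace(':', '')) return false;
    host = m[2];
  }
  host = host.split('/')[0].split(':')[0];
  if (host.startsWith('*.')) {
    const suffix = host.slice(1);                      // ".social.example"
    return top.hostname.endsWith(suffix) && top.hostname.length > suffix.length;
  }
  return top.hostname === host;
}

function sourceMatches(source, topOrigin, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return topOrigin === pageOrigin;
  return hostSourceMatches(s, topOrigin);
}

function framingAllowed(headers, pageOrigin, topOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = value;
  const ancestors = h['content-security-policy']
    ? parseFrameAncestors(h['content-security-policy']) : null;
  if (ancestors) {
    return ancestors.some((src) => sourceMatches(src, topOrigin, pageOrigin));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return topOrigin === pageOrigin;
  return true;
}

// 3. Constructed scenario: a decoy site tries to frame a social site's Like page.
const decoyOrigin = 'https://funny-movie.example';
const socialOrigin = 'https://social.example';
const noHeaders = { 'Content-Type': 'text/html' };
const xfoOnly = { 'X-Frame-Options': 'SAMEORIGIN' };
const cspAndXfo = {
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self' https://*.social.example",
};

function scenario() {
  return {
    unprotected: framingAllowed(noHeaders, socialOrigin, decoyOrigin),   // the worm's precondition
    xfoBlocksDecoy: framingAllowed(xfoOnly, socialOrigin, decoyOrigin),
    xfoAllowsSelf: framingAllowed(xfoOnly, socialOrigin, socialOrigin),
    cspAllowsSubdomain: framingAllowed(cspAndXfo, socialOrigin, 'https://apps.social.example'),
    cspBlocksDecoy: framingAllowed(cspAndXfo, socialOrigin, decoyOrigin),
  };
}

console.log(buildDecoyPage(socialOrigin + '/like?page=123').length > 0, scenario());
```

Run it with Node.js. A target that comes back `unprotected: true` is exactly what a likejacking page needs; the fix lives on the framed site's side, not the decoy's, because only `X-Frame-Options: DENY` or a `frame-ancestors` policy on the target turns that result to `false`.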

So what should you do when someone points out that you are infected?

First of all, delete the fake posts from your profile. At the top right there is a link to your own profile. Click it, then hover over the fake post (move the mouse over it) and an “X” for deleting the post should appear. Delete all of them so that none of your friends can get trapped by this one as well.

After that, click “Info” on the left side of your profile and remove all the likes and pages you don't actually like.

Next, check your privacy settings and which apps have access to your info. Again, go to the settings at the top right, “Account -> Privacy Settings”. Scroll through the list of apps and remove every app you don't trust or don't want to share your data with. Or at least click “Edit Settings” and restrict the amount of data each one can receive. Some people will be surprised by how many apps they have given access to without knowing it.

If you notice a weird page on a friend's profile, you can always mark it as spam. The more often it gets marked as spam, the higher the chance that Facebook staff will remove it in time.

Now you should be all set, Facebook-wise, but depending on what else got clicked, installed and fetched along the way, you might want to check your computer with an up-to-date antivirus program.

If you are now asking yourself how to avoid those annoying posts in the first place, read on.

– First of all, as with all content, don't click on links you don't trust. If you see that a link leads to some dubious page, just don't click it. The content won't be worth it.

– Second, since those pages use JavaScript to deploy their scam, one could simply disable JavaScript entirely. But since the modern web (2.0, that's right) relies heavily on JavaScript, a lot of pages won't work any more. That is why there are tools like NoScript that block JavaScript but let you define exceptions. Keep in mind that the invisible frame itself is plain HTML and CSS and needs no script at all, so blocking scripts alone does not stop every variant of the trick; NoScript's ClearClick feature, which warns when a click would land on hidden framed content, is the part that actually targets clickjacking. NoScript is a plugin for the browser Firefox, but I am sure that there are plugins/tools for other browsers as well.

– And third, while you are at it, you might want to read through all the (confusing) options in the Facebook privacy settings, so that you have at least a glimpse of who is doing what with your personal information.

Things you might want to consider:

– Do I really need to be logged in to Facebook all the time, on every other page I visit? (A clickjacking page can only post as you if your browser still has a valid Facebook session; logging out when you are done takes that away from it.)

– Should Facebook really give “selected partner sites” my information? That is called “Instant Personalization”.

– What info should the apps my friends use have access to?

Further reading:

http://www.sophos.com/blogs/sophoslabs/?p=9783

http://www.theregister.co.uk/2010/06/01/facebook_clickjacking_worm/

http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html