Welcome to WebmasterWorld Guest from 188.8.131.52
Forum Moderators: rogerd
A worm responsible for sending Facebook users malicious code appears to be limited in nature, although the social engineering attack may be used again, say experts.
Facebook representative Barry Schnitt said the worm isn't new; it dates back to August, although the variant that first appeared on Wednesday targets only Facebook users.
Craig Schmugar, threat researcher for McAfee Avert Labs, confirmed this in a call with CNET News and said that, in general, Koobface strikes only social-networking sites.
After receiving a message in their Facebook in-box announcing, "You look funny in this new video" or something similar, recipients are then invited to click on a provided link. Once on the video site, a message says an update of Flash is needed before the video can be displayed. The viewer is prompted to open a file called flash_player.exe.
However I am not so sure that my children would be as smart. (who often use my laptop after I go to bed).
This is really old news, it has been going around since August. It just seems that the main stream press is just now getting on it since Myspace issues are truly old old news.
[edited by: kamikaze_Optimizer at 9:42 am (utc) on Dec. 7, 2008]
On FF use NoScript. Lock everything else down.
This isn't tin-hat behaviour anymore. This is what I'd teach my kids...Trust only those people you know. If not, no access.
Seems to defeat the whole purpose of surfing and using the internet though doesn't it? Obviously the old guard here has their sites tuned to where the core functionality works just fine under these circumstances, but what about the rest of the internet?
Maybe a 'collective trust rating' could be established for each site, but even then a site like facebook is still vulnerable to someone exploiting it.
Seems to defeat the whole purpose of surfing and using the internet though doesn't it?
I'll agree that it does take a little more effort to turn things on, but I feel a lot safer not letting these sort of exploits run by default.
collective trust rating