Facebook malware

(Redirected from Facebook worm)

The social media platform and social networking service Facebook has been affected multiple times over its history by intentionally harmful software. Known as malware, these pose particular challenges both to users of the platform as well as to the personnel of the tech-company itself. Fighting the entities that create these is a topic of ongoing malware analysis.

An individual displays the "White Hat" debit card that Facebook gives to certain researchers who report security bugs.

Types of malware and notable incidents

edit

Attacks known as phishing, in which an attacker pretends to be some trustworthy entity in order to solicit private information, have increased exponentially in the 2010s and posed frustrating challenges. For Facebook in particular, tricks involving URLs are common; attackers will maliciously use a similar website such as http://faceb0ok.com/ instead of the correct http://facebook.com/, for example. The 11th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA), held in July 2014, issued a report condemning this as one of the "common tricks" that mobile computing users are especially vulnerable to.[1]

In terms of applications, Facebook has also been visually copied by phishing attackers, who aim to confuse individuals into thinking that something else is the legitimate Facebook log-in screen.[1]

In 2013, a variant of the "Dorkbot" malware caused alarm after spreading through Facebook's internal chat service.[2] With suspected efforts by cybercriminals to harvest users' passwords affecting individuals from nations such as Germany, India, Portugal, and the United Kingdom. The antivirus organization Bitdefender discovered several thousand malicious links taking place in a twenty-four hour period, and contacted the Facebook administration about the problem. While the infection was contained, its unusual nature sparked interest given that the attackers exploited a flaw in the file-sharing site MediaFire to proliferate phony applications among victims' Facebook friends.[3]

The real computer worm "Koobface", which surfaced in 2008 via messages sent through both Facebook and MySpace, later became subject to inflated, grandiose claims about its effects and spread to the point of being an internet hoax. Later commentary claimed a link between the malware and messages about the Barack Obama administration that never actually existed. David Mikkelson of Snopes.com discussed the matter in a fact-checking article.[4]

On 26 July 2022, researchers at WithSecure discovered a cybercriminal operation that was targeting digital marketing and human resources professionals in an effort to hijack Facebook Business accounts using data-stealing malware.They dubbed the campaign as 'Ducktail' and found evidence to suggest that a Vietnamese threat actor has been developing and distributing the malware with motives appeared to be purely financially driven.[5]

Responses

edit

Individual efforts

edit

In the same vein as actions by Google and Microsoft, the company's administration has been willing to hire "grey hat" hackers, who have acted legally ambiguously in the past, to assist them in various functions. Programmer and social activist George Hotz (also known by the nickname "GeoHot") is an example.[6][7]

Bug Bounty Program

edit

On July 29, 2011, Facebook announced an effort called the "Bug Bounty Program" in which certain security researchers will be paid a minimum of $500 for reporting security holes on Facebook's website itself. The company's official page for security researchers stated, "If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you."[8] The effort attracted notice from publications such as PC Magazine, which noted that individuals must not just be the first to report the security glitch but must also find the problem native to Facebook (rather than an entity merely associated with it such as FarmVille).[6]

Targeting of specific users

edit

In late 2017, Facebook systematically disabled accounts operated by North Koreans in response to that government's use of state-sponsored malware attacks. Microsoft did similar actions. The North Korean government had attracted widespread condemnation in the U.S. and elsewhere for its alleged proliferation of the "WannaCry" malware. Said computer worm affected over 230,000 computers in over 150 countries throughout 2017.[9]

See also

edit

References

edit
  1. ^ a b Dietrich, Sven, ed. (2014). Detection of Intrusions and Malware, and Vulnerability Assessment: 11th International Conference, DIMVA 2014, Egham, UK, July 10-11, 2014, Proceedings. Springer. pp. 79, 84–85. ISBN 9783319085098.
  2. ^ "Dorkbot Malware Spotted on Facebook Chat". WebTitan DNS Filter. 2013-05-14. Retrieved 2021-11-21.
  3. ^ Gonsalves, Antone (May 14, 2013). "Facebook attacked with credential-harvesting malware". CSOonline.com. Retrieved January 10, 2018.
  4. ^ Mikkelson, David (14 July 2008). "'Koobface' Virus Warning". Snopes.com. Retrieved January 10, 2018.
  5. ^ "A newly discovered malware hijacks Facebook Business accounts". Tech Crunch. 26 July 2022. Retrieved 26 July 2022.
  6. ^ a b Yin, Sara (August 2, 2011). "Facebook Offers $500 Bounty for Reporting Bugs: Why So Cheap". PC Magazine. Retrieved January 10, 2018.
  7. ^ Reisinger, Don (June 28, 2011). "Geohot now a Facebook employee". CNET. Retrieved January 10, 2018.
  8. ^ "Facebook: Whitehat". Facebook. Retrieved January 10, 2018.
  9. ^ Nakashima, Ellen; Rucker, Philip (December 19, 2017). "U.S. declares North Korea carried out massive WannaCry cyberattack". The Washington Post. Retrieved January 10, 2018.