By Mark Ward

Technology correspondent, BBC News website

Facebook boss Mark Zuckerberg ruled out policing applications Facebook has been targeted by malicious hackers seeking to steal valuable data from members. The social network site has been hit by five separate security problems in the last seven days, say security experts. By creating fake messages padded with details of Facebook members the thieves are capitalising on the trust and social links that drive the network. Security firms warn that the popularity of social networking sites makes them a tempting target for hi-tech thieves. Trust network "It's been a pretty bad week for social networking in general," said Rik Ferguson, senior security advisor at Trend Micro. In the last week, said Mr Ferguson, Facebook had been hit by four malicious applications as well as a new variant of the Koobface virus that first targeted members of the social site in December 2008. The rogue applications on Facebook all try to steal saleable information from the profiles of those who open it up, said Mr Ferguson. One malicious application tried to trick people into adding it by claiming that their friends were having trouble looking at their profile. If the application is added it spams itself to every Facebook friend that a member of the site has. Mr Ferguson said the way that Facebook is built can make it tricky for members to spot malicious or rogue applications. A lot of security software looks for malicious activity on a user's own machine, he said. By contrast, when Facebook members add an application it is servers operated by the social site that link to the third-party computers hosting that program. So far, said Mr Ferguson, the rogue applications on Facebook have been scary and a nuisance more than anything else. The Koobface virus uses fake YouTube pages to trick people "It's almost as if the applications we have seen this week are a proof of concept," he said. "It would be much better for them to generate rogue applications that did not look like rogue applications." Mr Ferguson said he expected more sophisticated programs that hid their malicious intent to debut soon on social network sites. He said it was time for Facebook to review its policy of approving applications. Currently, it only vets them after they are offered to members and have been reported as causing problems. In a Radio 1 Newsbeat interview with Mark Zuckerberg in late February, the Facebook founder rejected a call to vet all the applications showing up on the site. He said: "Our philosophy is that having an open system anyone can participate in is generally better." A spokesman for Facebook said members should be vigilant and never give out their password. He said Facebook did a lot of work behind the scenes to keep the site safe. If anyone was unlucky enough to fall victim they should visit the Facebook security pages and follow the steps that lays out to get help, he said. Writing on his blog, Graham Cluley, senior technology consultant at anti-virus software developers Sophos, said: "One of the problems is that Facebook allows anybody to write an application and third party applications are not vetted before they are released to the public. "Even as Facebook stamps out one malignant application, it can pop up in another place." Hitting Facebook users alongside the rogue applications has come a sophisticated variant of the Koobface virus that debuted in December 2008. The new variant uses a Facebook message to try to get people to visit a fake YouTube page and install the malware. To make it look more plausible, said Mr Ferguson, the virus posts the image from a Facebook member's profile on the video page. Once installed the malicious program hunts for cookies on a victim's computer and uses the details it finds in the small text files to log into other social sites that person may be a member of. "This is not just restricted to Facebook," said Mr Ferguson, "it's a growing trend. Though I'm surprised it's taken so long for social sites to be targeted."



Bookmark with: Delicious

Digg

reddit

Facebook

StumbleUpon What are these? E-mail this to a friend Printable version