Friday, September 11, 2009

But my profile is private

I don't want to bash too much on Facebook (see previous post), but there is another concern out there that I wanted to publicize: Your private Facebook profile may not be private!

As tested by Super-Phil (a guy I work with), having a private profile on Facebook is really only private (which does not imply that it cannot be hacked anyway) if you do NOT join any groups. What does this mean?

For a situational example, let's say that you are bored and trolling Facebook for ex-girlfriends. Suddenly you find one and you're excited to make contact... only to be deflated by the fact that when you click on your ex's profile, you are told that some or all content is visible only to your ex's Facebook friends. Now isn't that a bummer! However, there is a way around this, or a caution for those who wish to remain private: if your ex is part of a group on Facebook!

What do you do? Join the group! After joining the group, as Super-Phil tested this past weekend, you can see any other member's FULL profile. I leave it up to the reader to decide if this is good or bad. I cannot currently test this from where I am at right now, but I have faith in Super-Phil, as he is a Facebook and vulnerability guru.

Something else that Super-Phil noted: be wary of sites such as NING dot com (apparently they are currently being sued) because they scrape Facebook profiles and put your information out there for even more to see, even if your profile on Facebook is private, but you are a member/customer of sites such as NING.

What's Old is New...

There are hundreds of products that promise to "rejuvenate" our older population, remove wrinkles, or just plain make you "feel younger." These are items that attempt to "turn" the older people into "new." Most of these products, I think, are junk and do nothing but cost money.

However, there is a much larger problem with older now being new. For those unaware, old malware continually resurfaces in an attempt to trick people into bad situations. These old-turning-new products are doing more than costing money. A recent example of this is the re-appearance of the Koobface virus on Facebook.

The Koobface virus has been around for a while and yet it continues to be used. Facebook has reports from last year about it, and yet it is still rearing its ugly head. Specifically, I have seen it three times in the last week:
1) A friend of mine posted to my wall a warning that a Facebook email had been sent from her account, linking to a video, that she didn't send it, and that she knew it was malicious.
2) I received an email from the same friend that contained a different video link. However, from some of the text in the message, I knew it was fake/spoofed.
3) A posting went on my wall yesterday, to a third video, and by the same friend's account.

Having faith in my setup at home, I decided I would follow the link on the wall posting. Sure enough, a "new" Facebook page opened. This new page had a video player in the middle of it, with a message window telling me that I needed to update my Flash Player plugin. About 2 seconds later, a new window opened with nothing more than an obfuscated string of about 20 characters. It was then that Norton kicked off the big warning. I made note of the URL in the new window, clicked "view info" in my Norton warning, and then closed out the bad browser window.
For giggles, I clicked the movie link on my Facebook page again. The exact same sequence of events happened, as expected, with one BIG difference: the URL in the new window had a different top level address. The initial URL started with 67.X.X.X and the second time I followed this malicious link, the URL began with 74.X.X.X. I didn't bother with a third time.

From what I have read on other blogs and sites, had I clicked the "upgrade flash plugin" option on the first pop-up (fake Facebook page), and clicked OK to the download, I would have invited trouble into my electron world.

Additionally, the second, almost blank window that pops up with an obfuscated string is actually attempting to auto-download the Koobface virus as well. For more information on Koobface, check out:
http://sunbeltblog.blogspot.com/ (September 10, 2009 posting)
http://www.pcworld.com/article/155017/facebook_virus_turns_your_computer_into_a_zombie.html
http://www.scmagazineus.com/Koobface-spreading-through-thousands-of-IP-addresses/article/147964/
http://www.symantec.com/business/security_response/attacksignatures/detail.jsp?asid=23370

I should also note that this worm is infecting (or has infected) more than just Facebook: MySpace, Twitter, some blogs, and other social networking sites. The last link above provides some information on how to get rid of this "bad boy" should you become infected.