Wednesday, November 25, 2009

Facebook users beware the bikini-worm!

Security
Facebook's Bikini-Wearing Worm
By Taylor Buley
This worm spreads via your Facebook wall.

BURLINGAME, Calif. -- Twitter's early bird has gotten its fair share of worms, but it's on Facebook where bad actors get the most sophisticated--and scandalous.

On Monday, the anti-virus firm AVG showcased a worm that has spread via users' Facebook walls. The worm is an ad with an image of a bikini-clad woman. "Wanna C Somthin' HOT!??" the worm asks users. "Click Da' Button, Baby!"

The "bikini" worm was first discovered by independent security researcher Gadi Evron.

According to AVG, the worm uses a tactic called "cross-site request forgery" to initiate a chain of actions on a logged-in user's behalf. Since the user is already logged into Facebook, the bug does not need to worry about authentication and passwords. If more users click the ad, its growth rate will likely increase geometrically. Evron, who first alerted Facebook to the bug, admits to clicking it himself before finding out its effects.

Facebook says it is investigating the problem.

Facebook will need to take action, says AVG researcher Nick Fitzgerald. Based on past bugs, the company will likely first stop the worm from spreading by doing a sweep for any offending shared items and removing them.

Last month, Facebook closed a security hole discovered by researcher Antonio Sanso that exposed the e-mails of thousands of people.

Update: Facebook spokesman Simon Axten says the bug is not, in fact, a worm. Rather than an instance of cross-site request forgery, as the AVG researcher claimed, Axten says it's an example of clickjacking, where an action is taken on behalf of the user through the browser.

"Overall, an extremely small percentage of users were affected," Axten writes to Forbes. He says Facebook is cleaning up the "relatively few cases" and notes that Facebook users can find more tips on the social network's security page.
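The two mechanisms the article mentions, cross-site request forgery (a forged request that rides on the victim's existing login) and clickjacking (the victim's own page is tricked into submitting), are defeated by different server-side controls. The example below is added here and is not code from Facebook, AVG or Forbes; the origin `https://social.example`, the secret key, the session id and the sample requests are all constructed for the demonstration. It shows a synchronizer-token plus Origin check that rejects a forged cross-site POST, and the response headers that stop a page from being framed by another site, which is what a clickjacking overlay needs.

```python
import hmac
import hashlib
from urllib.parse import urlparse

# Constructed demo values: a real deployment would load the key from a
# secret store and take the site origin from configuration.
SECRET_KEY = b"constructed-demo-secret-do-not-use"
SITE_ORIGIN = "https://social.example"  # hypothetical protected site


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session: an HMAC of the session id.
    A third-party page cannot read this value out of the victim's browser,
    so it cannot attach a valid token to a forged request.  A production
    implementation would add a per-form nonce and an expiry."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def validate_state_change(request: dict, session_id: str) -> tuple:
    """Decide whether a state-changing request (e.g. 'post to wall') may
    proceed.  `request` is a constructed dict with keys 'method',
    'headers' and 'form'.  Returns (allowed, reason)."""
    if request.get("method") != "POST":
        return False, "state change must be a POST"

    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}

    # 1. Origin/Referer check.  Browsers attach Origin to cross-site POSTs,
    #    so a request submitted from another site is identified here even
    #    though the victim's session cookie was sent along with it.
    src = headers.get("origin") or headers.get("referer")
    if src is None:
        return False, "missing Origin/Referer"
    parsed = urlparse(src)
    src_origin = f"{parsed.scheme}://{parsed.netloc}"
    if src_origin != SITE_ORIGIN:
        return False, f"cross-origin request from {src_origin}"

    # 2. Synchronizer token.  Constant-time comparison avoids leaking the
    #    position of the first mismatching byte through timing.
    token = request.get("form", {}).get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return False, "bad or missing csrf_token"

    return True, "ok"


def anti_clickjacking_headers() -> dict:
    """Response headers that forbid rendering the page inside a frame on
    another origin.  The CSRF token does not help against clickjacking,
    because the victim's genuine page (with a genuine token) is what gets
    submitted; refusing to be framed removes the overlay attack surface."""
    return {
        "X-Frame-Options": "DENY",
        "Content-Security-Policy": "frame-ancestors 'none'",
    }


def demo() -> dict:
    """Run the validator over constructed requests; returns label -> (allowed, reason)."""
    session = "sess-1234"  # constructed id of a logged-in user's session
    token = issue_csrf_token(session)
    requests = {
        # Legitimate form submission from the site's own page.
        "genuine": {
            "method": "POST",
            "headers": {"Origin": SITE_ORIGIN, "Cookie": "sid=" + session},
            "form": {"csrf_token": token, "message": "hello"},
        },
        # Same cookie, but the browser reports a different Origin.
        "cross_site": {
            "method": "POST",
            "headers": {"Origin": "https://other.example", "Cookie": "sid=" + session},
            "form": {"csrf_token": "", "message": "hello"},
        },
        # Same-origin request that lost its token (e.g. a stale form).
        "no_token": {
            "method": "POST",
            "headers": {"Origin": SITE_ORIGIN, "Cookie": "sid=" + session},
            "form": {"message": "hello"},
        },
        # State change attempted via GET, which should never be allowed.
        "get": {"method": "GET", "headers": {"Origin": SITE_ORIGIN}, "form": {}},
    }
    return {label: validate_state_change(req, session) for label, req in requests.items()}


if __name__ == "__main__":
    for label, (allowed, reason) in demo().items():
        print(f"{label:11} allowed={allowed} ({reason})")
    print(anti_clickjacking_headers())
```

The Origin check and the token check are deliberately independent: the header check catches the cross-site case early and cheaply, while the token check still protects requests whose Origin header is absent or stripped by a proxy. SameSite cookie attributes, which did not exist when this article was written, add a third layer in modern browsers but do not replace either check.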
