I walked into work (my real job) this morning and found a warning from the corporate information security team in my Inbox. They had verified reports of a worm virus spreading via Facebook-related emails.
As I’ve realized since, the problem isn’t just confined to ‘related emails’; these are malicious emails within the Facebook system. The link takes you to a website to look at a video clip. If you, the user, try to watch it, a message appears saying that you need to install the latest version of Flash Player in order to watch the clip. Unfortunately, by the time I received this warning, I had already received such an email in my Facebook Inbox from a co-worker. I am so embarrassed to even admit this, but yes, I did click on the link. So when I got this email from the security team, I did a virus scan, and it detected and deleted the ‘Koobface’ virus.
I am extremely paranoid when it comes to online security and highly unlikely to click on anything if it’s even remotely suspicious, regardless of whom it came from. If I had received that email via Outlook or Gmail or Yahoo! mail, I would have deleted it right away. However, I was completely fooled: this email came from a trusted source and came to the one place that I thought was ‘safe’ – the Facebook Inbox.
What ticked me off most of all in this sordid saga on a Monday morning is that I couldn’t find any mention of this email security threat anywhere on Facebook. There’s no warning or any kind of information related to this. Would it really have been that difficult to put a note in everyone’s Inbox that there’s a virus threat and not to click any links even if the email is from someone you know?
What’s also extremely disturbing is that if the user accounts can be manipulated to send out malicious viruses to other accounts, how secure is the Facebook platform?
But questions around Facebook platform vulnerability aside, first things first – make sure you update your virus definitions and run a complete virus system scan. And lastly, don’t trust anyone…I mean don’t trust any emails with links no matter where they originate.
UPDATE: Here’s more information from Mashable on the latest phishing scams on Facebook.