Cybercrime Spreads on Facebook

In an article that should be no surprise to anyone in the security industry, Reuters reported this week that Cybercrime is spreading rapidly on social networking sites, specifically, Facebook. With the spread of malware from Facebook, it's unlikely any IT administrator hasn't had to clean up after one Facebook virus or another.

Reuters reports:

Cybercrime, which costs U.S. companies and individuals billions of dollars a year, is spreading fast on Facebook because such scams target and exploit those naive to the dark side of social networking, security experts say.

While News Corp's (NWSA.O) MySpace was the most-popular hangout for cyber criminals two years ago, experts say hackers are now entrenched on Facebook, whose membership has soared from 120 million in December to more than 200 million today.

I've personally seen plenty of my friends on Facebook get infected and offer me videos that were infected. As Reuters explains:

Scammers break into accounts posing as friends of users, sending spam that directs them to websites that steal personal information and spread viruses. Hackers tend to take control of infected PCs for identity theft, spamming and other mischief.

Facebook is of course trying to stem the malware themselves, but as they report:

"Security is an arms race, and we're always updating these systems and building new ones to respond to new and evolving threats," Axten said.

When criminal activity is detected on one account, the site quickly looks for similar patterns in others and either deletes bad emails or resets passwords to compromised accounts, he said. Facebook is hiring a fraud investigator and a fraud analyst, according to the careers section of its website.

But ultimately Facebook says its members are responsible for their own security.

"We do our best to keep Facebook safe, but we cannot guarantee it," Facebook says in a warning in a section of the site on the terms and conditions of use, which members may not bother to read. (www.facebook.com/terms.php)

There are plenty of examples of malware spreading on Facebook, including these common examples:

Amy Benoit, a human resources manager in Oceanside, California, said she may stop using Facebook altogether after she became entangled in a popular scam: A fraudster sent instant messages to a friend saying that Benoit had been attacked in London and needed $600 to get home.

Yale University last week warned its business school students to be careful when using Facebook after several of them turned in infected laptops.

One of the most insidious threats is Koobface, a virus that takes over PCs when users click on links in spam messages. The virus turned up on MySpace about a year ago, but its unknown authors now focus on spreading it through Facebook, which is struggling to wipe it out.

The increase in cybercrime in Social Networking should keep any administrator on their toes, and reminds us of the importance of virus scanning not only in e-mail but for web browsing as well.