Detecting Facebook Security Problems

I joined Facebook roughly 1 year ago, and I have truly enjoyed the experience. I have connected with many old friends and relatives. Without Facebook none of this would be possible, and hence my life is a little richer. But, and this is a big but, Facebook is evolving into a dangerous place.

Let me give an actual example of how one can be tricked into downloading badware when on Facebook. First, I would like to introduce an old friend of mine, Duffy Conway. Duffy worked at Gateway in sales, and was consistently one of the company’s top producers. I left Gateway over 10 years ago, and I was delighted to have Duffy as my friend on Facebook.

One day, I got a note from Duffy in my Facebook mail. See the shot below. Almost immediately, warning bells were going off in my head. Duffy is not the chatty type unless it is about football or Bill’s Bar in Sioux City, Iowa, so it was quite a surprise to get a mail about a video that he made of me. Here are the four warning signs from this Facebook mail.

  1. “n.ew vid.eo” is misspelled in a very unusual way.
  2. Duffy sent this mail to a long list of people, many of whom I do not know. Could there really be a video with me and a bunch of strangers?
  3. Duffy is not the home video sort of guy.
  4. The mail goes to a strange URL that I am not familiar with.

Duffy’s Facebook mail had 4 signs that this was a scam.

Something really smelled about this. Just out of curiosity, I decided to click on the link for Duffy’s “video”.

I clicked on the link because you cannot get badware by just clicking on a link. There is only one way to get badware and that is by downloading and executing software. A link by itself is harmless, although it is clear in this case that I would be going to a bad and dangerous place. I was discussing this article with a friend, and he was surprised. He was under the impression that badware could mysteriously install all by itself. This is not true. You must actively invite badware on your system, through program execution.

After I clicked on the link, I found myself on a very different web site. The IE security bar immediately warned me that a file wanted to be downloaded. If warning bells were not going off, they should be blaring by now. It is clear that this site would have me believe that I must download and execute a file to watch this video from my pal, Duffy.

I have modified the actual screen shot to show 5 signs why this is a bad web site and should not be trusted.

  1. The name YouTube (YuoTube) was misspelled.
  2. The address did not have a name but a series of letters.
  3. The YouTube logo is missing.
  4. The IE security warning is displayed.
  5. A phony download message is displayed.

Despite the five warning signs, people actually download the badware.

The problem is that people fall for this stuff. Even if you are running security software, if you force IE to run this badware, odds are that the security software won’t catch it. There are so many warning signs but people just want to believe that their long lost friend has a cool video of times gone by.
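The warning signs listed above for the mail and for the landing page can be checked mechanically. The sketch below is an added example, not code from the original article; the brand list, the 2-edit threshold, the majority-of-strangers rule and the sample values are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumption: brands the reader cares about, mapped to their real domains.
BRANDS = {"youtube": "youtube.com", "facebook": "facebook.com"}

def osa_distance(a, b):
    """Edit distance that counts a swap of adjacent letters as one edit."""
    d = [[max(i, j) if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def dot_split_words(message):
    """Words broken up with a period (n.ew, vid.eo), ignoring URLs."""
    text = re.sub(r"https?://\S+", " ", message)
    return re.findall(r"\b[A-Za-z]+\.[A-Za-z]+\b", text)

def imitated_brand(page_title):
    """Brand named in the title, exactly or 1-2 edits off (YuoTube)."""
    for word in re.findall(r"[a-z]+", page_title.lower()):
        for brand in BRANDS:
            if osa_distance(word, brand) <= 2:
                return brand, word != brand
    return None, False

def warning_signs(message, recipients, known_contacts, url, page_title):
    signs = []
    if dot_split_words(message):
        signs.append("dot-split words")
    if sum(r not in known_contacts for r in recipients) > len(recipients) / 2:
        signs.append("mostly unknown recipients")
    brand, misspelled = imitated_brand(page_title)
    host = (urlparse(url).hostname or "").lower()
    if misspelled:
        signs.append(f"misspelled brand: {brand}")
    if brand and host != BRANDS[brand] and not host.endswith("." + BRANDS[brand]):
        signs.append(f"host is not {BRANDS[brand]}")
    return signs

# Constructed sample modelled on the mail and page described above.
SAMPLE = warning_signs("I made a n.ew vid.eo of you http://xkqzvbt.example/v",
                       ["me", "stranger1", "stranger2", "stranger3"], {"me"},
                       "http://xkqzvbt.example/v", "YuoTube - video")
```

These are heuristics: a clean result does not make a link safe, and a page title can only be inspected after the page has been fetched, which is best done in an isolated environment.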

So get this. I was talking to one of our employees at PC Pitstop about this article, and his wife fell into this exact same trap. Worse yet, he spent the better part of a weekend cleaning it up.

In summary, the most effective security software is the software inside of your own head. We all must learn the key signs of how badware gets installed on our computers. Because Facebook is all about your friends, there is a tendency to let down your guard, when in fact the opposite is true.


15 thoughts on “Detecting Facebook Security Problems”

  1. It is a pity that you so quickly diminish your own credibility by contesting what adam said (above).

    It may very well be that you have been lucky. That simply does not alter the fact that it most definitely *IS* possible to pick up problems without any voluntary interaction with the site.

    Readers may decide for themselves. adam’s post claims professional insight. I base mine on personal experience and a higher-than-usual but still amateur level of involvement in pc security.

    Many readers will have heard the term “drive by trojan”. Think as well about scripts. You may have restricted the ability of scripts to run on your pc: You should not assume that every reader will also have changed their default settings to do so too.

  2. I got an email asking if I was someone’s friend in TX. To be polite, I logged into Facebook to say no. First thing was a list of all my online friends. Thinking they were all on Facebook, I put a check by their names. I had no idea I was inviting them to join. Took a closer look and realized that list included one-time business contacts, inquiries on a vehicle I was selling, etc. Facebook had taken all that info out of my gmail acct. without my consent. That was all I needed to know I wanted no part of it. But the simple act of logging in made me a member with a wall & whatever. Now they want to know if it is OK to share my public info. NO. I know what’s next. So, with a computer I’m still trying to clear of malware, and Facebook ads that install malware just because you’re there, How the F do I get out safely and completely?

  3. That folks is exactly why I don’t use any third party apps or games in facebook. Farmville included! I’m there to connect with friends and to use as a business platform for my health and wellness products. I wish everyone well and to have fun but I’m not playing the reindeer games.

    The Blakester
    Robert Blakely

  4. @ Adam (http://techtalk.pcpitstop.com/2010/05/17/detecting-facebook-security-problems/?#comment-16166):

    There are a few vulnerabilities for different browsers, and some are more safe than others. I have purposely gone to quite a few rogue antivirus websites (I don’t mention their names because most are very similar).

    Never has anything been downloaded without giving me a notification and options to download or not.

    The only way to be free from malware is to never use any part of your computer at all, which kind of defeats the purpose. But you can come very close to 100% security with tools like Comodo Internet Security (a few adjustments are usually in order), Sandboxie, GeSWall, and the like.

  5. Actually you are 100% incorrect about the ability of software to install itself on your system from websites. As an IT professional I have witnessed trojans, adware, spyware, and other malware download from websites onto computers without any warning from the software.

    The most common of these (that I have seen at least) is Antivirus Live 2009 (2010 and 360 are also out there). These can and do install onto your computer w/o permission by downloading themselves into your browser cache and installing themselves. Once it has done so you will see a seemingly legitimate program telling you you have a virus and asking you to pay 60 dollars to get the “full version” of their software.

    While there are many very good tips in this article do not fall into a false sense of security that “as long as I don’t do X wrong I cannot be infected.”

  6. I received the exact type of message but via the IM popup. It was one of my friends telling me that there were disturbing pics of me online and that she couldn’t believe someone would post something like that of me. My heart started beating fast and I was just about to click it when I realized that I don’t have any disturbing pics and this IM used words that she would never use. I immediately im’ed her and it sent to all her friends. I did check out the link and it was a basic generic phishing site…warning signs all over the place.

  7. I’ve seen these types of wall posts on my facebook account. Fortunately I’m very familiar with pc security, so I didn’t click on them. For those that did, I’ve advised them to use products such as malwarebytes religiously to monitor their systems for malware. Having said all that let me say that I don’t blame facebook for this any more than I blame outlook for phishing sites that I receive emails for. It’s our own responsibility to educate ourselves about how the bad guys want to attack our small bit of privacy.

  8. I received one of these yesterday from a friend at work. She said she had some new pictures of her boys. The name, Nikki, and the fact that she had pictures of her boys all sounded legit. BUT, she usually tells me at the office (I create a screensaver of the staff and their family). I looked at the URL and sure enough it was something very strange. I deleted it. She hadn’t sent it.
    Beware of msg’s from “friends”.

  9. You can also dl these things by simply telling the dl box “no” or clicking the “x” in the corner…I usually back out as fast as I got there when I’m asked to dl something I didn’t ask for.

  10. We have programs (software) that run on computers (hardware) but the thinking we do is done by “wetware” inside our heads.

  11. Thanks for the warning. My precaution has been to have family and friends send me a text or call me that something is coming I need to view. Also, if I don’t recognize the sender I do not accept anything. Delete is my favorite key when dealing with public web sites.

  12. I have already quit facebook after receiving a very strange posting attributable to my son. After checking with him by phone we both concluded that this was one of those “funny things facebook does”!

  13. This article should be read by all Facebook users. I wish it could be translated into French for the benefit of my friends. I will post a link of this article by email, though. not Facebook.. who knows !

    Thank you.
