Sophos stops new version of Koobface social networking worm

Book face
Our friends at Trend Micro are in the news today talking about a new variant of the Koobface worm which is capable of spreading via Facebook, MySpace, Bebo and other social networking sites.

It’s the typical fare – a message apparently sent by a friend of yours on the social networking site invites you to check out a video. However, when you click on the link you are taken to a website posing as YouTube that encourages you to download an updated version of the Adobe Flash Player plugin.

Of course, that downloaded file is in fact a Trojan horse. Sophos proactively detects it as W32/Koobfa-Gen without requiring an update.

What’s perhaps more interesting to me is that in an interview with the BBC today, Facebook founder Mark Zuckerberg says that they will not be introducing a system of “vetting” before allowing third-party applications to be added to the site.


This news comes in the wake of incidents we have seen in the last week or two where third-party Facebook applications like “Error Check System” and “F a c e b o o k — closing down !!!” have used underhand tactics to gain users and access to individuals’ profiles.

I think it’s a little impractical to expect Facebook to check every single application that its users upload to its site, in the hope that they might uncover some mischievousness, but that doesn’t mean Facebook should do nothing.

My proposal would be that Facebook application developers would need to jump through several hoops before they were approved to unleash their applications on the network's 150 million plus users.

The first thing would be that anyone wanting to write a Facebook application would have to prove their identity and contact details. Yes, you heard me – not just an email address!

And then they sign an agreement with Facebook, accepting their terms and conditions, before they can become an authorised Facebook third-party developer.

After all, I remember writing an application for Facebook as an experiment and was amazed that within minutes it was available for the whole world to run, without Facebook having to know anything about me other than a webmail address.

You could even stagger roll-outs. So, if you are a brand new third-party developer on Facebook, your application is only available to x% of users for the first y days, and the percentage of people who can run your application slowly builds up from there. That would help stem the success of malicious applications, and give the community an opportunity to highlight troublesome code that may be up to no good.
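To make the staggered roll-out idea concrete, here is an added example (not Facebook's code, and not part of the original post) sketching how a platform could gate a new developer's app: each user is assigned a stable bucket derived from a hash of the app and user IDs, so a user's eligibility does not flip back and forth between page loads, and the eligible fraction ramps linearly from a small starting percentage to 100% over a fixed number of days. A suspension flag stands in for the moment the community flags an app and the roll-out is halted. The app and user identifiers and the schedule parameters are all hypothetical.

```python
import hashlib
from datetime import date


def rollout_fraction(days_since_approval, initial_pct=1.0, ramp_days=30):
    """Percentage of users (0-100) permitted to run the app after a
    given number of days.  Starts at initial_pct on approval day and
    ramps linearly to 100 by ramp_days.  Parameters are hypothetical."""
    if days_since_approval < 0:
        return 0.0
    if days_since_approval >= ramp_days:
        return 100.0
    return initial_pct + (100.0 - initial_pct) * days_since_approval / ramp_days


def user_bucket(app_id, user_id):
    """Stable bucket in 0..99 for this (app, user) pair.  Hashing rather
    than random sampling keeps cohort membership consistent, so the
    same small set of users sees the app throughout the early phase."""
    digest = hashlib.sha256(f"{app_id}:{user_id}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % 100


def can_run(app_id, user_id, approved_on, today,
            initial_pct=1.0, ramp_days=30, suspended=False):
    """Decide whether user_id may run app_id today.  A suspended app
    (e.g. one flagged by the community) is hidden from everyone."""
    if suspended:
        return False
    days = (today - approved_on).days
    allowed_pct = rollout_fraction(days, initial_pct, ramp_days)
    return user_bucket(app_id, user_id) < allowed_pct


def exposed_count(app_id, user_ids, approved_on, today, **kwargs):
    """How many of the given users could run the app today."""
    return sum(1 for u in user_ids if can_run(app_id, u, approved_on, today, **kwargs))


if __name__ == "__main__":
    # Constructed sample: a hypothetical app approved on 1 Jan 2009 and
    # a population of 10,000 hypothetical user IDs.
    app = "example-app-123"
    users = range(10_000)
    approved = date(2009, 1, 1)
    for day in (0, 7, 15, 30):
        n = exposed_count(app, users, approved, date(2009, 1, 1 + day)) if day < 31 else 0
        print(f"day {day:2d}: {n:5d} of {len(users)} users can run the app")
```

Only the ramp schedule and the hash-based bucketing matter here; a real platform would also record who approved the developer and when, so that the trail the post mentions exists when an app goes bad.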

My suspicion is that an authorised developer system would have other benefits besides giving the authorities more of a trail when an app “goes bad” – it could also perhaps improve the quality of the average Facebook app!

* Image source: Max-B’s Flickr photostream (Creative Commons 2.0)

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
