Facebook isn’t just a place to hook up with ex-girlfriends from high school anymore. Companies large and small are now using it for networking and legitimate business tasks. Unfortunately, it can also be a place to hook your company’s network up with some nasty viruses.
The latest one, a worm called Koobface, has hit all the social networks, including Facebook, MySpace, hi5, Bebo and Twitter, and can riddle your network with malware, spyware and can steal sensitive data right from your workstations’ hard drives. Like past generations of computer bugs, Koobface wants to not only infect your computer, but then use you as a jumping off point to infect others. But unlike past viruses, Koobface and similar new malware programs are leveraging your company’s social network account to reach out and infect your online friends and business associates.
“Somewhere in the world there are some guys sitting around and dreaming up things that will make you click on a link,” said Chip Reaves, global director of Computer Troubleshooters, the largest international network of outsourced IT providers that offers onsite computer services to small businesses. “Koobface’s most effective way to spread is to send links to your friends with text like ‘I can’t believe it’s you in this video – were you sober? LOL!’ Koobface combines state-of-the-art software which can infect your computer in multiple ways with these creative lures designed to make you want to click on the infected links. It’s pretty insidious.”
According to an analysis by malware research firm Trend Micro, Koobface is composed of as many as 26 separate functional pieces, each of which is designed to use you and your computer in different malicious ways.
Reaves suggests these tips to protect your office network:
First and foremost every computer user on the Internet needs professional, up-to-date protection software. This should at a minimum include both anti-virus and anti-spyware support (some free packages do not include anti-spyware), and ideally should also include a link scanner component to minimize the risk of visiting websites which are known to be infected.
Claim your name, Check your fame
If you are using social networking sites such as Twitter or Facebook, do periodic searches for yourself. This is especially helpful with small businesses to see what people are saying about you, but if you’re infected you may find updates from yourself – which you never sent.
Use a 3rd party Twitter application or your phone
Third party applications such as Tweekdeck or Twhirl can help block certain exploits that would otherwise infect you from the Twitter website. They can also help by showing where a “shortened” URL will take you before you click. Using your cell phone for updates is also safer than using the Twitter or Facebook websites directly.
Secure Your Browser
Make sure your web browser is the most up-to-date version, since many vulnerabilities in older browsers (even ones from just a few months ago) are often used by malware creators to infect your computer. Chrome and Firefox are generally considered safer than Internet Explorer, but any browser with its security setting set to “High” and with the most recent updates should be fine. For the highest level of security consider using Firefox plus Noscript.net to block most potential points of vulnerability.
Ask to Include Social Media protection in your IT Management Plan
Many small businesses and home users today are outsourcing all their computer management to a local computer service provider through what’s called a Managed Services plan. Ask your local Computer Troubleshooter or other service provider to include social media protection in your computer management plan.
“If your IT department or outsourced support doesn’t take all those elements into account, it’s not a matter of if you’ll experience downtime – it’s a matter of when and for how long,” Reaves said. “It’s not right to be held hostage by your computer troubles or by your IT support by proxy. Uptime is not a luxury – it’s a necessity for any home or business. Make certain that your IT company guarantees it. If they don’t, look for another firm.”