The Altimeter by Charlene Li

I got hit with a Facebook malware virus recently and I've actually been pretty lucky -- it could have been a lot, lot worse. I wrote about how some Facebook viruses manifest themselves back in August - in that case, hundreds of emails were sent out through an unsuspecting person's account with a virus-laden link. 

In my case, the same thing happened this past week -- I received an email from a trusted friend and I did not have my internal "sucker alert" turned on. I clicked on the link, downloaded something, and proceeded to have my system run amok. My anti-virus and anti-malware software kicked in and caught part of the nasty "finditand" redirect bug, but not all of it. Fortunately, it didn't spawn malicious messages to my Facebook friends and I was able to remove it (details on how to do this are in this forum posting). 

The friend who sent me the message was not so lucky. He was distracted -- multitasking, talking on the phone -- when he clicked on a malicious link in a message that had been sent from a trusted colleague of his. As soon as he realized what had happened, he turned off his computer and ran it to his IT department to get it scrubbed. But it was too late -- I along with many other people in his network received the email and I know at one company there were several people hauling their PCs into IT. 

I spoke with my friend the day after this all happened and he shared with me his utter embarrassment that he had done this, but moreover, his frustration that he was powerless to do anything about it. He really couldn't message his 500 Facebook friends and tell them to ignore the email from him because how would they know it was really him? He also shared that Facebook did contact him to let him know that his account had been compromised, and that he should run security software and reset his Facebook password -- about 24 hours after the incident happened. He characterized the response as "a day late, a dollar short." 

In the meantime, I was also contacted by Facebook spokesperson Barry Schnitt who had seen my tweets on my Facebook virus problems. He offered some help and also gave me some background on what Facebook was doing about attacks: 

"As for being proactive about protecting the site, we are.  We have a number of sophisticated systems monitoring Facebook and teams of security professionals reviewing flagged items and updating these systems.  Accounts with suspicious activity (too many messages in too short a time) are disabled or have their password reset.  Also, suspicious URLs in messages, status updates and wall posts will require the poster to solve a captcha before posting.  Alternatively, if our automated system is sure the URL is spam, we’ll “blackhole” the URL and users won’t be able to post it or be re-directed to it through Facebook.  However, most of these efforts are invisible to users.  Malicious actors out there are constantly attacking the site and what you see is actually a very small percentage of what is attempted."

I have no doubt that Facebook is deeply concerned about malicious behavior on the site and doing as much as they can as a company - after all, I doubt there's anyone at Facebook thinking, "Let's not do anything about these attacks." 

But I think they are missing one huge opportunity -- leveraging the Facebook community itself to not only educate and prevent attacks, but also to help fellow members once an attack has taken place. There are three specific areas where the Facebook community can fight back against attacks: 

• Take a page from the Akismet anti-spam playbook and allow users to forward suspicious messages/URLs to the security team. Actively encourage it with "report abuse/virus" inside messages, not just in discussion areas and in wall comments.
• Enable the dedicated Facebook security page, or some other group or area, with discussion forums, comments, etc. where members can share information on the latest attack or offer solutions if they have been infected. While some undesirable content posted may be posted, that's the nature of communities.
• Lastly, people impacted by Facebook viruses need tender, loving care from Facebook as well as Facebook the community. The common emotion among attack victims is that they feel violated. They suffered a loss to their reputation among friends and need the time and space to recover. And I believe they will recover faster if they have the support of other people who have been through similar experiences, or being given a channel to communicate with their friends. They almost need a "victims" support group to help them get back on their online feet again.

These attacks are not going to stop, in fact, as long as people like me and my friend inadvertently click on those links, they will continue. I for one am not going to stand by and depend on Facebook to do all of the work -- I'm joining the fight. 

To that end, I've created a group on Facebook focused on virus prevention, remedies, and support. My hope is that others will share their experiences and expertise, and help Facebook keep these malicious attacks at bay. So if you have ideas and suggestions, or can provide expertise and support, please join!

P.S. I keep hearing about applications being a source of viruses, but from what I can tell, it appears that most are spread within Facebook -- as they are throughout all Internet applications and email -- through inadvertent clicking on malicious links. I'd love to hear about examples where Facebook applications were the source of a malicious virus or malware attack.