Koobface Virus: Facebook Isn’t Free Afterall.

Paul Bush, Principal Consultant, OneSource Technology, Inc.
November 2011
It started so innocently. “Are you on Facebook?” Soon you’re posting family vacation photos, “liking” your friends’ posts, and lurking around your kids’ pages. It’s free and always will be, as the landing page denotes. But how much can these free applications cost your firm once it invades your firewall?

It wasn’t long ago that businesses could reasonably block all social media access in the name of staff productivity. Today, with over 800 million users, Facebook is the 800-pound gorilla of pop culture, followed by Twitter, LinkedIn and MySpace. It’s hard to call this “social media,” when we’re using these tools to generate awareness, recruit employees, and sell goods and services. And, let’s be honest: How many of you have used social media to conduct formal and informal background checks on a potential client, witness, litigant or employee?

Have you ever opened Facebook just to “check in” and ended up blowing off 25 minutes of billable time? As if that wasn’t enough, while you’re innocently chatting with friends, your account is hacked by a computer worm that sends Facebook messages or links to your “friends” with malware attached. This is the modus operandi of the Koobface computer worm, first detected in December 2008, with a more potent strain appearing in 2009. Fortunately Koobface was only used to send out spam ads, but it could have just as easily included additional malware to leak confidential data to outside parties.

How do we protect from Koobface and other insidious viral attacks? In simple terms, how do we keep the bad guys out and our confidential information in?

We suggest a multifaceted approach for the peaceful coexistence of network security and social media. First, we suggest a company policy addressing the acceptable use of social media. Second, in order to protect the business network from any malware or viruses that may be maliciously embedded in social media, we recommend business class antivirus software that is centrally managed from the server level. This allows central control of the antivirus software and an easy way to manage its implementation. And lastly, we recommend use of a strong firewall or Internet gateway appliance that includes “application level filtering.” This device scans the data coming in from the Internet and removes most of the potentially harmful content to further protect your network from malware or viruses. It also allows control over which users get access to social media sites on the company network.

Social media has become a business tool that we cannot ignore. Its potential for permission-based marketing and its use as a competitive intelligence tool rivals that offered by the Internet during the mid-1990s. Just as businesses had to embrace and manage access to the Internet in its early days, we must do the same with social media. A well thought out combination of controls and technology can help us harness social media as a productive business tool.