Sky News has been told that Facebook users are most at risk from a variant of the Koobface virus, which has been disguised as a Festive greetings video, hosted on a YouTube site.
Security experts say the new virus is "particularly nasty" and compels its victims to participate manually in creating a new Facebook account to help spread the worm.
In previous years, variations of this virus have caused chaos across the web.
But internet security experts believe the new worm is likely to prove particularly effective in fooling users, because of the growing number of people who now opt to send out electronic greetings cards.
The attacks work by posting malicious links on Facebook wall pages, inviting users to click on the Christmas card videos. However, any attempt to play the video turns over control of the PC to the attackers.
The victim then sees a warning message, requiring them to solve a Captcha (Completely Automated Public Turing Test To Tell Computers And Humans Apart) puzzle within three minutes.
A timer ticks down and if the puzzle goes unsolved after the allotted time, the PC freezes up.
Experts warn that rebooting the computer will not help and the only way to end the loop is to solve the Captcha puzzle.
The victim would then be able to use their PC as normal, but the attacker would still have control.
While those targeted grapple with the unfolding problem, the worm separately uses the victim's computer to fill out a new account application, unseen by them.
The new account is then used to post more Christmas video worms in a continuing cycle.
Internet security company Panda Security has been tracking the latest variant of the Koobface worm from its labs in Spain.
"There is no doubting that this latest Koobface attack represents a serious threat to social networkers," the company's UK managing director Peter Lautin told Sky News.
"If someone runs the infected file on their Facebook or MySpace page, the worm will automatically log in to their account and several other social networking sites, sending malicious messages to all their friends.
"The more people who use an application such as Facebook, or any other means of social networking, the more likely they are to be targeted by bad guys to send out malicious threats such as Koobface."
The company recommends that users do not reply to or follow links included in unsolicited Facebook messages and users should always carefully check that the URL they are entering is really that of the site they want to access.
If you've logged into Facebook in the last 24 hours you will have noticed that the social networking site has changed its privacy settings. The move, which could dramatically increase the amount of personal information people display online, has outraged digital rights groups and civil liberties campaigners.
The changes make more information, photos and videos visible to everybody on the web unless you specifically edit the settings yourself - status updates can now also be picked up by search engines.
The pop-up message that greets members asking them to change their privacy settings appears to be different depending on how engaged that person was with Facebook. We would urge all members to log on and double-check their privacy settings now, if they haven't already done so.
Facebook said the changes, which were introduced on 9th December, are meant to help members manage the updates they want to share, not to trick them into revealing more information than they are comfortable with.
So why then are status updates now automatically made public unless specified otherwise by the user?
"These new 'privacy' changes are clearly intended to push Facebook users to publicly share even more information than before," said Kevin Bankston, a senior attorney with the Electronic Frontier Foundation. "Even worse, the changes will actually reduce the amount of control that users have over some of their personal data."
Facebook began testing the privacy changes during mid-2009 before introducing them site-wide. The changes let people decide who should see updates, whether all 350 million Facebook members should see them, and if they should be viewable across the web.
Barry Schnitt, a Facebook spokesman, said users could avoid revealing some information to non-friends by leaving gender and location fields blank. "Any suggestion that we're trying to trick them into something would work against any goal that we have," said Mr Schnitt.
Facebook is encouraging users to share their updates because, he said, that was in line with "the way the world is moving". But the important differentiator is that these changes are more in line with how Facebook wants the world to move forward, not necessarily how its users want the world to move forward.
As blogger Marshall Kirkpatrick said, this is not what Facebook users signed up for. This issue isn't about privacy for Facebook, it's about increasing traffic and the visibility of activity on the site.
Many users have left comments on the official Facebook blog criticising the changes.

Facebook has been hit by a malware attack for the second time in one week, after it was noted that a rogue application has been sending notifications containing malicious links to members of the social networking website. In this new wave of spam, however, the hackers took advantage of the controversy surrounding the planned new terms and conditions for the website.
In the second attack, Facebook users received notices that they had allegedly been reported by a friend in their contact list for infringing the website’s terms and conditions, and were instructed to click on a provided link, which led to an application named ‘F a c e b o o k - closing down!!!’. After installation, the application posted spam messages to the members in the victim’s contact list.
Graham Cluley, senior technology consultant at Sophos, noted on the Sophos blog that users who clicked on the malicious links inadvertently gave the hackers access to their profile and personal data, as well as unintentionally forwarding spam messages to other members.
However, Facebook responded to the issue by saying, “Our team disabled this application for violating the Facebook Developer Terms of Service. Some additional versions of it have sprung up, and we’ve disabled these as well.”

Figures published by online research firm Nielsen Online show that social networking behemoth Facebook has more than doubled in size during the last 12 months, further widening the gap with the likes of Myspace and Bebo.
Facebook had 17.6 million unique users in January 2009, that's nearly twice the size of Bebo and Myspace combined (at 4.3 million and 5.4 million unique UK users respectively). At this rate, it is likely that Facebook exerts an even bigger domination in the UK social networking sector than Google in the search arena.
The growth of Myspace and Bebo over the 12 months to January 2009 was comparatively small, at 7 percent and 6 percent. More worrying is the amount of time users spent per month on those websites. Facebook users spent roughly 12 minutes per day on the site, while Myspace aficionados remained on the site for only 90 seconds on average per day.
Facebook's time on site is up by 128 percent year on year, Myspace's down by half over the same period. Multiplying unique users by time spent on site makes frightening reading for the rest of the competition - including Google. Facebook users spend a cumulative total of 24.64 million hours per week on the site in the UK alone. Myspace? Just under 1 million hours over the same period.
How to spot a social networking con trick
More than 20,000 pieces of malware attacked social networks in 2008 alone, according to online-security firm Kaspersky Lab. That's no surprise, either: while email is still the most spam-filled medium, researchers suspect that social network cybercrime is growing at a far faster rate.
"People are used to receiving spam and malicious messages in their email, but it is much less common on Facebook," says Graham Cluley, a senior technology consultant with Sophos UK. "They are lulled into a false sense of security and act unsafely as a result."
You can avoid becoming one of the many who make that mistake.
We've dug up the dirt on five scams currently posing a threat on Facebook. We turned to analysts who study them as well as to users who have fallen for them, all to help spread the word about how these things work and how you can best them. (Facebook representatives did not respond to our request for comment.)
Knowledge is the greatest weapon against becoming a victim. Read on, and arm yourself well.
Scam No. 1: The Nigerian 419
The Scam: it may sound like a hip new emo band (or a somewhat old email scam), but the Nigerian 419 will do more than just offend your ears - it'll also empty your wallet. The moniker refers to a scam dating back decades that has recently entered the social network scene.
A couple of months ago, IT worker Beny Rubinstein received some alarming Facebook messages from a friend and fellow tech professional.
"[He said] he was in the UK and was robbed, and needed $600 to fly back to Seattle," Rubinstein recalls.
The messages came both in Facebook-based IMs and in email. They included details such as family members' names, making the notes appear all the more authentic. It wasn't until 2 hours and $1,100 later that Rubinstein realised what had happened: someone had hijacked his friend's account, contacted his friends, and - at their expense - made off like a bandit.
"Scammers figured out that even though social networks don't have direct access to money, they have access to information that gives you a good shot at getting someone else's money," says Vicente Silveira, a product management director at VeriSign and a personal friend of Rubinstein's.
The Protection: Before you send cash to a pal who seems to be in trouble, try to contact him or her outside of the social network - either by phone or by external email. Not feasible? Ask an extremely personal question that a hacker couldn't possibly figure out from information within the profile. We'll leave the specifics up to you.
Scam No. 2: The Widget Warrior
The Scam: Facebook is famous for its widgets - the third-party applications that you can add onto your account. Sometimes, though, widgets turn into warriors with a single mission: stealing your data.
The first rogue widget reared its head in 2008, when researchers realised that a program called Secret Crush had anything but sweet intentions. The application, which was supposed to help you find your virtual admirers, instead installed spyware onto your computer. Even worse, it encouraged you to spread the love by getting other friends on-board - essentially "manipulating humans to pass it along on their own", says Guillaume Lovet, senior manager of Fortinet's Threat Response Team.
Secret Crush has since been crippled, but the potential for similar threats still exists. Just days ago, security experts determined that an application called Error Check System was misusing profile details and possibly stealing personal information. A few months earlier, researchers from Greece's Institute of Computer Science uploaded a malicious app to Facebook as an experiment (PDF). The team was able to configure the widget, which posed as a 'Photo of the Day' displayer, to utilise its users' internet connections for denial-of-service attacks.
The Protection: Use extra caution when installing third-party applications. "When you accept to install one, malicious or not, you are granting its author access to all the info in your profile," Lovet says. Make sure you know what the app's creator will do with it.
Scam No. 3: The Koobface Virus
The Scam: Don't be fooled by the name - there's little to laugh about when it comes to the quickly spreading Koobface virus. (The word, by the way, is an anagram of 'Facebook'.) Once the virus infects your PC, it starts sending messages or wall postings to your Facebook friends, directing them to a 'hilarious video' or some 'scandalous photos' of someone you both know.
"The link promises an enticing video, but when the user clicks, he is presented with a web page with a fake Adobe Flash update or a fake codec that needs to be downloaded," explains Ryan Naraine, a security evangelist with Kaspersky Lab. "That download is malware."
The Protection: Antivirus software can help keep you safe, but some common sense can also go a long way. "Be wary of any kind of direct URL in messages or postings," advises Jamz Yaneza, a threat research manager with Trend Micro. If a site asks you to download a software update, Yaneza says, click Cancel and go directly to the vendor's page to see if the update is legit.
Scam No. 4: The Phishing Pond
The Scam: Phishing, a favourite hacker tactic, has found new life at social networking sites. Scammers trick users into following links that open official-looking Facebook log-in prompts. If you enter your user name and password, the information is logged - and your account is theirs.
Brandon Donaldson, a pastor at the Lifechurch.tv Internet Campus, fell for the scam. Someone gained control of his Facebook account and started sending messages to his friends and followers, trying to persuade them to follow the same links and unwittingly give up their accounts, too.
"This was a pretty bad ordeal, since I regularly put video content up on the web, and I use the internet as a tool for many relationships," Donaldson says. "You build a certain social trust in these spaces, and you want to keep that trust without these kinds of incidents."
The Protection: The previous plan also applies here: watch where you click. Plus, if you're ever asked for your password midsession, don't enter it. Manually navigate back to the Facebook.com home page instead, and then log in there if need be.
Scam No. 5: The Contrived Community
The Scam: Community enthusiasts, be cautioned: Facebook user groups can sometimes be cleverly disguised vehicles for marketing. And - whether you realise it or not - when you click the join link, you're effectively opting in.
Brad J. Ward was one of the first users to find such a scheme in action. Ward, then a member of Butler University's admissions department, discovered a Facebook group called 'Butler Class of 2013'. The only problem: the people behind it had nothing to do with Butler. After posting about the issue on his blog SquaredPeg.com, Ward soon learned that the names of nearly 400 other schools appeared in similarly suspicious groups, all created by the same small set of people.
"My initial reaction was that some company or person was essentially setting themselves up to be the administrator for hundreds of groups, which provides the opportunity to send out mass messages or to collect data," Ward says.
His instinct was right: the publisher of a college guidebook had set up the groups, seemingly with the goal of building a mass mailing list for marketing its products, Ward discovered.
"Was any of it illegal? Not necessarily," Ward points out. "But was it unethical, and could it be misconstrued as an official university presence? Yes."
Once exposed, the publishing company College Prowler admitted its involvement and agreed to back out of the groups. Still, that's only one company. More than likely, countless others haven't been detected, and are actively using groups to gain the trust (and information) of unsuspecting users.
The Protection: Be very selective in deciding what groups you join. If you aren't sure who runs a given Facebook community, or whether it's officially linked to the organisation that it claims to be, don't accept the request. Your privacy is worth more than any membership.
Facebook has suffered its second malware attack in a week, after it emerged that a rogue application has been posting notifications to user profiles containing malicious links.
This time the scam took advantage of the publicity surrounding the proposed new terms and conditions for the popular social networking site.
The message read: "[Friend's name] has just reported you to Facebook for violating our Terms of Service. This is your official warning! Click here to find out why you were reported! Request Facebook look at what has happened and rule immediately."
Users following the link had an application called 'facebook - - closing down!!!' installed on their PCs. This then spammed all of the affected user's 'friends' with the same message, potentially collecting personal information as it went.
"It sounds like this could be a new favoured trick being used by spammers and identity thieves to build up their databases of intended targets," wrote Sophos senior technology consultant, Graham Cluley, in a blog post.
Rik Ferguson, solutions architect at security vendor Trend Micro, advised Facebook users to exercise extreme caution when surfing.
"Surely these two events in just a single week mean that it’s about time that Facebook reviews its application hosting policy," he added.
"Prevention of rogue applications with extremely dubious intent to propagate freely within the site is needed."
The scam follows another attempt earlier this week to trick Facebook users into installing malware. An 'Error Check System' application sent notifications to Facebook users stating that one of their friends "has faced some errors when checking your profile", and prompting them to click a malicious link to "View the Error Message".
The famous Dunbar number, or “theoretical cognitive limit to the number of people with whom one can maintain stable social relationships”, is generally accepted to be about 150. However, in a recent interview with The Economist, Cameron Marlow, a research scientist at Facebook, shared some interesting stats on Facebook users’ social behavior patterns.
His findings: while many people have hundreds of friends on Facebook, they still only actively communicate with a small few. Or to quote the author of the article, “Humans may be advertising themselves more efficiently. But they still have the same small circles of intimacy as ever.”
Here’s the data from Marlow:
The average male Facebook user with 120 friends:
- Leaves comments on 7 friends’ photos, status updates, or wall
- Messages or chats with 4 friends
The average female Facebook user with 120 friends:
- Leaves comments on 10 friends’ photos, status updates, or wall
- Messages or chats with 6 friends
The average male Facebook user with 500 friends:
- Leaves comments on 17 friends’ photos, status updates, or wall
- Messages or chats with 10 friends
The average female Facebook user with 500 friends:
- Leaves comments on 26 friends’ photos, status updates, or wall
- Messages or chats with 16 friends
In other words, Facebook users comment on stuff from only about 5-10% of their Facebook friends. And as has been shown by many other studies, women communicate with more people in all cases than men.
“People who are members of online social networks are not so much ‘networking’ as they are ‘broadcasting their lives to an outer tier of acquaintances who aren’t necessarily inside the Dunbar circle,’” Lee Rainie, the director of the Pew Internet & American Life Project, says.
A psychologist is urging people to get off Facebook and other social networking sites, and get a life instead.
Dr Aric Sigman says the amount of time we spend with each other has slumped dramatically and in turn is damaging our health.
He says our devotion to such sites could alter the way genes work, upset immune responses, hormone levels, and the function of arteries, and influence mental performance.
Levels of hormones such as the "cuddle chemical" oxytocin, which promotes bonding, altered according to whether people were in close contact or not.
This could increase the risk of health problems as serious as cancer, strokes, heart disease, and dementia.
Dr Sigman spells out his warning in the latest issue of Biologist, the journal of the Institute of Biology, and maintains that social networking sites have played a significant role in people becoming more isolated.
He said: "Social networking is the internet's biggest growth area, particularly among young children.
"A quarter of British children have a laptop or computer in their room by the age of five and they have their own social networking sites, like the BBC's myCBBC. It's causing huge changes."
Dr Sigman said 209 "socially regulated" genes have been identified, including ones involved in the immune system, cell proliferation and responses to stress.
Electronic media is also undermining the ability of children and young people to learn vital social skills and read body language, he said.
Dr Sigman continued: "One of the most pronounced changes in the daily habits of British citizens is a reduction in the number of minutes per day that they interact with another human being.
"In less than two decades, the number of people saying there is no one with whom they discuss important matters nearly tripled.
"Parents spend less time with their children than they did only a decade ago. Britain has the lowest proportion of children in all of Europe who eat with their parents at the table. The proportion of people who work at home alone continues to rise.
"I am worried about where this is all leading. It's not that I'm old fashioned in terms of new technology, but the purpose of any new technology should be to provide a tool that enhances our lives.
"Social networking sites should allow us to embellish our social lives, but what we find is very different. The tail is wagging the dog. These are not tools that enhance, they are tools that displace."
Research suggests the number of hours people spend interacting face-to-face has fallen dramatically since 1987 as electronic media use increases.