Just in case you were asleep at your IDS this week, a new version of an old virus is making the rounds on facebook. I first noticed it early Wednesday morning as a slew of executable downloads that looked a little unusual:
/flash_update.exe 99.17.69.77:7777
/flash_update.exe 99.17.69.77:7777
/flash_update.exe 99.17.69.77:7777
/flash_update.exe 91.184.219.216:7777
/flash_update.exe 212.200.159.91:7777
/flash_update.exe 212.200.159.91:7777
I will skip the writeup of this virus as it has already been covered pretty well over at wired, avert labs and SANS. This is a good time to mention that we can now add facebook to “the things I hate most” list. While some may argue that they have never had issues at facebook/myspace/ringo/PutYourOtherSocialNetworkPlaceHere I would argue that you probably have, you just didn’t know about it, or your computer was protected well enough to mitigate the problem. If you were lucky enough to be protected, odds are you won’t be next time. If you can find private social networking sites, stick to those. If you feel you have to use MySpace (shudder) set your profile private, and keep the personal info to a minimum. Facebook has some other issues to deal with, and is kind of a hybrid of a closed social network and an open public site.