Hackers, spammers will target Facebook Messages, say experts
Addition of e-mail to inbox, Koobface-hijacked accounts lead concerns by security pros
Computerworld - Facebook's revamped Messages will be a very attractive target for spammers, scammers and malware makers, security experts said today.
Facebook countered, saying that it has implemented new measures to protect users, including third-party anti-spam filtering of inbound e-mail.
On Monday, Facebook unveiled its new Messages, which adds e-mail to the ways members can communicate with friends. An all-in-one inbox collects Facebook messages, instant messages, text messages and e-mail into a single view.
The addition of e-mail means that spammers and scammers have yet another way to reach users, said Chet Wisniewski, a senior security adviser at antivirus vendor Sophos.
"Historically, Facebook has implemented no filtering mechanism on its messaging that I know of," said Wisniewski. "We've seen repetitive attacks using Facebook messages and chat that Facebook has had trouble stamping out."
Wisniewski compared Facebook's history of combating spam with Google's Gmail, and gave the thumbs up to the latter. "In Gmail, it's not impossible to spam, but it's difficult.... Gmail does a pretty damn good job of protecting users."
In a reply to questions, a Facebook spokesman said that the company has contracted with a third-party vendor to "supplement our spam detection and protection for messages sent from e-mail addresses off of Facebook." Facebook would not reveal the anti-spam provider, however.
Because, as Wisniewski put it, "mail is mail," he expects scammers and spammer to quickly add Facebook addresses -- which the social networking site is handing out to members -- to their lists.
"This won't end spam as we know it," added Dylan Morss, a senior manager in Symantec's anti-spam engineering group. "One of the things to note about Facebook Messages is that it integrates existing communication methods, like e-mail and chat, but these are already sources of spam and malware."
Both Morss and Wisniewski acknowledged that much of Facebook's anti-spam or anti-malware efforts have yet to be revealed because Messages has yet to roll out to all users. "Like Donald Rumsfeld said, 'There are known knowns ... there are known unknowns ... [and] there are unknown unknowns," said Wisniewski, quoting the former Secretary of Defense.
But some things are clear.
Facebook will let users restrict the messages that appear in their inbox to friends only, or select "Friends of friends" to expand the list. By default, mail from others -- those outside the friends or friends of friends circles -- drops into a mailbox labeled, not surprisingly, "Other."
But that won't prevent the spreading of spam and malware from legitimate accounts that have been hacked by criminals.
Of particular concern, said both experts, is the Koobface worm, malware that's targeted Facebook and other social networking services for more than two years. Koobface tries to trick users into clicking on a link to a malicious download, which in turn hijacks their accounts to Facebook, MySpace and other sites.
- What to expect in Facebook's earnings call today
- Could you quit Facebook for 99 days?
- Facebook is a school yard bully that's going down
- EPIC says Facebook 'messed with people's minds,' seeks FTC sanctions
- 7 things you need to know about Facebook's mood experiment
- Facebook emotional manipulation test turns users into 'lab rats'
- Facebook tries to stop Snapchat drain with Slingshot
- TMI! Facebook moves to stop over-sharing
- Inside Facebook's brilliant plan to hog your data
- Facebook shows mobile app developers the money with new ad network
- The Pivotal Big Data Suite- Reducing the Risks of Big Data The explosion of big data and the rapid evolution of big data tools and technologies is challenging IT to meet the demands of...
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
- Transforming Security: Designing a State-of-the-Art Extended Team The information security mission is no longer about implementing and operating controls.
- The Big Data Security Analytics Era Is Here New security risks and old security challenges often overwhelm legacy security controls and analytical tools.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!