Please enable JavaScript to view the comments powered by Disqus.


Risky Business: Using Facebook at Work

Allowing employees to check social-networking sites on the job may invite cybercriminals into your company.

As social networking sites gain popularity in business environments -- as marketing tools as well as among employees goofing off on the job -- their use by malware to launch attacks is growing, too.

One marauding program called Koobface masquerades on Facebook as e-mail from friends, directing a user to an outside site. Once opened, Koobface takes up residence on the user’s computer, capturing keystrokes in order to nab credit card numbers, faking virus attacks then offering to disinfect the computer -- for a fee, of course -- or otherwise committing mayhem.

Messages telling users there are viruses on their computers typically look like the real thing from Microsoft. One fake-cleanup gang was finally caught last year after doing an estimated $100 million in business.

Note that nearly 30% of corporate computer users admitted to checking social network sites while at work last year, up from 15% the year before. “Essentially, users are volunteering to be infected,” says David Perry, global director of education at Trend Micro Inc., a provider of Internet-security software.


And “once infected, the bad guys have control over your system and browsing activities,” notes Jamz Yaneza, threat research manager at Trend Micro.

Moreover, the malicious software -- or botnet, as such software is called -- keeps evolving, making it difficult to control.

The malware isn’t confined to Facebook. Koobface also has appeared on MySpace, Friendster, hi5, myYearbook, Tagged, Bebo, Netlog, fubar and Twitter accounts.

To protect yourself, consider using software that will proactively block employee surfing to malicious sites. Prices for blocking software vary by size of installation, but run less than $70 for a three-computer network. In addition to Trend Micro, providers of blocking software include Symantec, McAfee, Microsoft and Computer Associates.