Facebook & the new Word Macro Virus

Twitter: @orinthomas

Back in the late 90’s when I transitioned from a help desk role to Systems Administration, the most common way that computers would become infected with viruses was the Word Macro virus. The anti-virus vendor’s definitions simply couldn’t keep up with the variety of these viruses ad I remember running scans against departmental file shares every week, finding new outbreaks of infection.

Eventually things in macro virus world calmed down and malware authors moved onto newer and simpler to exploit targets.

Today more and more today is that Facebook is increasingly becoming the attacker’s platform of choice. This makes sense – nearly 800 people log on every day and in a medium designed for sharing information, malware dressed up as a video of a dancing cat will spread more rapidly than an attachment of a dancing cat would have spread through e-mail a decade ago. It works on Facebook because the malware doesn’t appear to have originated from some random site, it instead seems to have been something posted by a friend. One of the main things that people do on Facebook is click on the interesting digital detritus their friends dig up from around the Internet. How are they able to tell the difference between a link to a cat playing an accordion that contains malware from a link to a cat playing the bongos that does not?

At the moment Facebook borne exploits primarily target people accessing Facebook through their PC. Users who don’t keep their browser software up to date are more likely to be successfully exploited than users who ensure that their browser is updated on a timely basis.

Increasingly though people are accessing Facebook through their mobile devices. Mobile devices are a lot more challenging to keep up-to-date than PCs and most of them aren’t designed to be secure from exploit code running on the sites they access. Don’t be surprised if in the next few months we start to see malware spreading on Facebook that attacks users accessing the site from the most common mobile operating system. When mobile phone malware goes prime time, it’s likely to be Facebook that serves as the primary vector for the infection.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.