Friday, March 11, 2011

Guest Post: "Hacked?" Not exactly... Malicious Code and Facebook.


If you get this, don't click!
 
Every so often there is a new wave of people getting hit with malicious code. Since I reverse engineer malware and analyze network traffic for a living, I am going to share a very brief word about how to avoid it. There are really only a few ways to quickly identify potential malicious code and avoid it.
 
An introduction to the life span of (most) malware: the malware is created. It is released. It affects a few people. Admins and security-savvy users start to take notice. Patches are developed, accounts are hardened, and the malware is removed (from the users that follow instructions!).
Tip 1.) The time it takes for most malware to raise flags and inspire a few reports is often very short. Don't be an early adopter of an application or piece of software that you haven't known about for at least a week. Naturally this is not bulletproof, but it will prevent you from getting compromised by eager amateurs.
Even malware (including viruses/worms) has limitations, and on Facebook it has several. Typically, malware or its author has to trick a user into clicking a link or installing an application; it doesn't magically appear. Most malware (that doesn't exploit a software vulnerability) will only have the same rights as the user that was tricked into executing it. When it comes to Facebook, there are granular security settings that "jail" an application so it can only perform the actions that you explicitly allow.
Tip 2.) Take a few seconds to look at the various permissions that the application you are thinking of installing is asking for, and if you don't know what a permission is, google it or flip through Facebook's copious privacy settings documentation. It is truly eye-opening to see the things that you might allow with a hasty click.
A large number of malware authors spend about 99% of their time crafting the devious (fun) portion of their code and about 1% on their delivery method. Many malware authors just play the law of averages and figure that if they ask a million people "Will you click this?", at least a few hundred or thousand will (and they do), so why should they bother, for example, proofreading their text (which, as anyone can tell, was probably run through Google Translate without being checked) or spending time creating images? (After all, by the time the victim sees their trojan app's text/images, it's too late anyway.)
Tip 3.) Don't use applications that use wording that looks like it was poorly translated or content that appears thrown together. Again, there is no silver bullet for malware, but you can prevent getting tricked by impatient amateurs, who comprise the lion's share of malware authors.
Tip 4.) Figure out whose opinion you trust regarding malware/security and ask for help. If you don't know anyone, look for admins.
If you feel you have been hacked/compromised and cannot determine the source of the problem well enough to apply a better-tailored cure, consider the following the best possible advice, even for a BAD breach (I call it "Facebook Malware Penicillin!"):
1.) Change the password on the email account that you use to log in to Facebook.
2.) Change the password on your Facebook account (not the same password as your email!).
3.) Look through your application permissions and edit the permissions of - or remove! - applications that look sketchy (poorly designed, translated, etc.) or that are asking for information or permissions they have no place asking for (as well as the applications that you simply no longer use).
    • Go to "Account" in the upper right-hand of Facebook, at the end of the blue bar.
    • Select "Privacy Settings."
    • Under "Apps and Websites" to the lower left, select "Edit your settings."
    • In the top "Apps you use" area, select "Edit settings" or "Remove" (both take you to the same place).
    • Select "Edit Settings" or "Remove" (the "x" to the right-hand side) for the apps you want to edit/remove.
But don't remove VDS!  ;-)
4.) Touch base with admins or other security geeks that you trust. Describe your situation to someone with expertise in security and coding. Be able to explain clearly what the problem was and what steps you've taken so far.
