Facebook worm: The company fails to protect or help its users

The recent clickjacking worm on Facebook demonstrates the social networking site's uncaring incompetence

One by one, the emails came from Facebook: So-and-so has posted on your wall. As so-and-so is a relative, I stopped what I was working on, looked at my Facebook wall, and found an obvious (to me) malware attack -- a meaninglessly general hook followed by a shortened link. Uh oh. I deleted the post and emailed so-and-so, who quickly got her techie husband to fix the infected account.

Then the emails started coming from my 88-year-old father's account. Double uh-oh. I looked at his home page and discovered that the infection, unchecked, was constantly posting to all of our relative's walls.

[ Also on InfoWorld: Facebook has proposed one security solution: Require developers to have verified accounts. Will it help? | Learn how to secure your systems with Roger Grimes' Security Adviser blog and newsletter, both from InfoWorld. ]

I quickly made a Jing video about how to delete a suspicious wall post and sent it to all my relatives with Facebook accounts. That helped for about an hour.

The emails kept coming, with varying content, and so did Facebook chat attempts with similar patterns, ostensibly from my father's account -- which he wasn't using. I scoured Facebook for information on how to fix or report the infection of someone else's account. I found what I was looking for deep in the Facebook help, sent off the full information, and got back an automated and useless response:


Thank you for your report. For privacy and security reasons, we cannot provide any additional information about your friend's account at this time. Please have the account owner view the Security section of Facebook's Help Center and select the contact form that most accurately describes their situation:

- Information on Hacked Accounts: http://www.facebook.com/help.php?page=420

You should also let the account owner know that they will need to contact us from either the login email address associated with their account or a secondary email address they own.


The Facebook Team

The emails still kept coming, until finally I de-friended my dad's account and suggested that my relatives do the same. Then I sent my dad an email offering to help him decontaminate the page using instructions from a security expert at Sophos, which I found online. When I called him on the phone to discuss this, he declined: He had decided that Facebook was more trouble than it was worth, and he was going to try to delete his account entirely.

Good for him. If I didn't have so much content on Facebook, I would do the same in a heartbeat. It's clear that privacy issues aren't Facebook's only deficiency.

What about you?

This story, "Facebook worm: The company fails to protect or help its users," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.

Copyright © 2010 IDG Communications, Inc.

How to choose a low-code development platform