"Ex-Girlfriend" Facebook worm: Check!
Nick O'Neil of AllFacebook.com recently reported that his Facebook wall was compromised by a new worm: the "Ex-Girlfriend" worm. Using some CSS and IFrame wizardry, the worm can post on your own wall in your own name, without you knowing it. Here's an example of Nick's wall:
You can protect your Facebook wall and pages from this worm by installing the Defensio Facebook application. Get started here...
Introducing Defensio 2.0
Security for the Social Web
After months of hard work, it is my extreme pleasure to introduce Defensio 2.0 - the first and only complete security suite for the social web.
A number of new features now make Defensio the most advanced spam and malicious content detection service for the web. These features include:
- Spyware, malware, phishing and other types of malicious content detection
- URL blocking by category
- Profanity detection and filtering
- Script and executable blocking
- Enhanced statistics
- Asynchronous API (faster and non-blocking filtering)
Thanks to Websense's Threat Seeker Network, Defensio can now detect and block much more than just spam, offering you the absolute best protection for your website.
Screencast
We prepared a screencast where you can see of the new Defensio 2.0 features. Click to see more...
Wordpress
The Wordpress plugin has been updated to leverage the new features we are introducing today. Upgrade today!
Pixelpost
Thanks to Dennis Mooibroek, Pixelpost now also supports Defensio 2.0. You can download the latest version of the Pixelpost plugin on our website.
Facebook Protection
A few months ago, we started noticing that a lot of spam, profanity, malware and malicious content was making it onto personal and corporate Facebook pages. We knew we had to do something about it. Our response to this growing problem is the first ever Facebook security suite. This is also launching today!
Once Defensio for Facebook is installed, we will constantly monitor your page for possibly unwanted content. Should we find something suspicious, we will alert you. This Facebook application works with any kinds of pages, including personal and corporate profiles, group pages and fan pages.
To install Defensio for Facebook, simply create an account at http://defensio.com/signup. If you already have a Defensio account, log in, then in the control panel, click "My API keys", then "Protect another web property".
Other platforms
More platforms will support 2.0 very soon. Defensio 1.x remains available and software using our old API will keep working as usual.
New Developer API
We love our developers, and we made sure not to leave them out in the cold. Defensio 2.0 ships with a brand new and improved asynchronous RESTful API! The new API features:
- Asynchronous (or synchronous) for fast, non-blocking calls to Defensio
- Optional web hook for asynchronous calls
- Entirely RESTful
- More generic wording, making it less targeted towards blogs and easier to use in a wider range of web applications
- New actions for profanity filtering and enhanced statistics
- Content classification (spam, malicious, innocent)
See the API 2.0 documentation for more details.
We're also releasing many 2.0-ready developer libraries for PHP, Ruby, Python and Perl. This should make your life easier when upgrading your application to Defensio 2.0. You can find them in the "downloads" section of our website.
Conclusion
I hope you're as excited as we are about the second coming of Defensio. Let us know what you think!
Prominent blogger's website compromised
Famous writer and blogger Paulo Coelho had quite a bad surprise this morning when he found out that his blog had been compromised and was proudly advertising Valium.
His website has since been cleaned up, but the spam was there long enough for Google to pick it up.
This is just a reminder. Keep your Wordpress up to date and use a anti-spam & malware service like Defensio. Better be safe than sorry!
Twitter Spam: Is It Just Me Or…
Is it just me, or spam on Twitter has been growing exponentially recently? I've always been getting the occasional good-looking-not-very-dressed new follower notification by email, but recently, I've been receiving @ messages like this:
What is your experience with this? What kind of spam are you seeing on Twitter? Is there anything Defensio could do to make your life better on Twitter?
Quarter Million Malicious Facebook Posts
A word of caution to Facebook users: be careful when clicking links on Facebook, even if they're on your friend's page or your favorite superstar's page.
We have detected a malicious campaign that is quickly spreading on Facebook. The malware has very low anti-virus coverage and can be found on prominent Facebook pages such as ones belonging Justin Timberlake (2.1 million fans) and a few others. If you use Facebook and are worried about this, we have a Facebook app that solves this problem (read on). If you are a customer, yes - we stop this at the gateway in real-time.
To get an idea of how fast this link is being shared on Facebook (measured in seconds!), here's a video:
This is what the malicious campaign looks like (WARNING: Do *not* attempt to go to the link - your computer may get infected):
The malicious link isn't spreading through high profile names only, but also "long tail" relatively popular Facebook pages.
Virustotal shows a < 15% anti-virus detection rate.
We also detected that this campaign is also spreading on Twitter:
If you're using Websense Defensio Facebook app , you are notified via email when someone posts something malicious on your Facebook page:
Websense Messaging and Websense Web Security customers are protected against this attack.