We have detected a malicious campaign that is quickly spreading on Facebook. The malware has very low anti-virus coverage and can be found on prominent Facebook pages such as ones belonging Justin Timberlake (2.1 million fans) and a few others. If you use Facebook and are worried about this, we have a Facebook app that solves this problem (read on). If you are a customer, yes - we stop this at the gateway in real-time.

To get an idea of how fast this link is being shared on Facebook (measured in seconds!), here's a video:

This is what the malicious campaign looks like (WARNING: Do *not* attempt to go to the link - your computer may get infected):

The malicious link isn't spreading through high profile names only, but also "long tail" relatively popular Facebook pages.

Virustotal shows a < 15% anti-virus detection rate.

We also detected that this campaign is also spreading on Twitter:

Websense customers who click this link are protected from it:

If you're using Websense Defensio Facebook app , you are notified via email when someone posts something malicious on your Facebook page:

Websense Messaging and Websense Web Security customers are protected against this attack.

You can protect your Facebook wall and pages from this worm by installing the Defensio Facebook application. Get started here...

After months of hard work, it is my extreme pleasure to introduce Defensio 2.0 - the first and only complete security suite for the social web.

A number of new features now make Defensio the most advanced spam and malicious content detection service for the web. These features include:

• Spyware, malware, phishing and other types of malicious content detection
• URL blocking by category
• Profanity detection and filtering
• Script and executable blocking
• Enhanced statistics
• Asynchronous API (faster and non-blocking filtering)

Thanks to Websense's Threat Seeker Network, Defensio can now detect and block much more than just spam, offering you the absolute best protection for your website.

Screencast

We prepared a screencast where you can see of the new Defensio 2.0 features. Click to see more...

Wordpress

The Wordpress plugin has been updated to leverage the new features we are introducing today. Upgrade today!

Pixelpost

Thanks to Dennis Mooibroek, Pixelpost now also supports Defensio 2.0. You can download the latest version of the Pixelpost plugin on our website.

Facebook Protection

A few months ago, we started noticing that a lot of spam, profanity, malware and malicious content was making it onto personal and corporate Facebook pages. We knew we had to do something about it. Our response to this growing problem is the first ever Facebook security suite. This is also launching today!

Once Defensio for Facebook is installed, we will constantly monitor your page for possibly unwanted content. Should we find something suspicious, we will alert you. This Facebook application works with any kinds of pages, including personal and corporate profiles, group pages and fan pages.

To install Defensio for Facebook, simply create an account at http://defensio.com/signup. If you already have a Defensio account, log in, then in the control panel, click "My API keys", then "Protect another web property".

Other platforms

More platforms will support 2.0 very soon. Defensio 1.x remains available and software using our old API will keep working as usual.

New Developer API

We love our developers, and we made sure not to leave them out in the cold. Defensio 2.0 ships with a brand new and improved asynchronous RESTful API! The new API features:

• Asynchronous (or synchronous) for fast, non-blocking calls to Defensio
• Optional web hook for asynchronous calls
• Entirely RESTful
• More generic wording, making it less targeted towards blogs and easier to use in a wider range of web applications
• New actions for profanity filtering and enhanced statistics
• Content classification (spam, malicious, innocent)

See the API 2.0 documentation for more details.

We're also releasing many 2.0-ready developer libraries for PHP, Ruby, Python and Perl. This should make your life easier when upgrading your application to Defensio 2.0. You can find them in the "downloads" section of our website.

Conclusion

I hope you're as excited as we are about the second coming of Defensio. Let us know what you think!

His website has since been cleaned up, but the spam was there long enough for Google to pick it up.

This is just a reminder. Keep your Wordpress up to date and use a anti-spam & malware service like Defensio. Better be safe than sorry!

What is your experience with this? What kind of spam are you seeing on Twitter? Is there anything Defensio could do to make your life better on Twitter?

A worm that can post malware and spam to vulnerable Wordpress installations has recently been discovered in the wild and unless you're running the very latest version of Wordpress, you are at risk. Seriously at risk.

The vulnerability allowing the attack was discovered August 11 and was immediately fixed by the Wordpress team in the 2.8.4 security release. If you are using version 2.8.4 or better of Wordpress, or host your blog on Wordpress.com, you are safe.

The newly discovered worm is pretty sneaky to say the least. In a nutshell, it crawls the web looking for vulnerable Wordpress installations, makes itself an administrator account, takes full control of the website and posts malware and spam to it. It's also been reported that it will sometimes disable Defensio and other anti-spam plugins. It can be very hard to detect the new malicious administrator user since it hides itself from the users list using Javascript.

Bah... This stuff never happens to me!

If rock star blogger Robert Scoble can be hacked, you probably can as well. This vulnerability is serious, so please treat it as such.

Have I already been hacked?

As Lorelle VanFossen wrote on her blog:

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER %5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize. You will probably be unable to access that account, but Journey Etc. has a possible solution.

How do I prevent my site from being targeted?

It's easy. Upgrade. If you are using a somewhat recent version of Wordpress (2.7+), upgrading is easy since the functionality is now built-in. But if you are not, you should take a look at the excellent InstantUpgrade plugin which makes upgrading Wordpress a single-click operation.

If you have already been hacked, you will need to delete the malicious admin user as well. Changing all your passwords is also strongly recommended.

You might also want to check out How to Keep Wordpress Secure and the My Site Was Hacked FAQ.

How can I keep my Wordpress blog safe in the future?

Wordpress is generally a safe platform. However, we recommend that you always use the latest and greatest version to make sure that all known security exploits are patched. You should also make sure that your passwords are not easily guessable, either by a human or a machine. A password of at least 8 characters which includes at least 1 uppercase, 1 lowercase and 1 digit is generally considered "strong". Following @defensio, @websenselabs and @wordpress on Twitter is also a good way to stay up to date.

Download it here: Defensio Module for Drupal

At Defensio, we see all kinds of crazy and innovative spam each day. But recently, something we never thought we'd ever see showed up on our radar: a significant influx of VIDEO spam, most of it hosted on YouTube.com. I guess this just shows how far spammers are ready to go to sell their junk.

Here's a screenshot...

What do you think will be the next trend in spam?

This is obviously a big day for us and we are very excited to be teaming up with one of the Internet's leading security companies.

So what does this mean for you, our beloved users?  You can take comfort in knowing that that we currently have no plans to change the existing service -- so just go ahead, keep using Defensio and keep spreading the good word.  It is definitely here to stay and will remain free for personal bloggers.

Websense has developed some revolutionary technology that we will be able to leverage in the very near future. This means more effective spam filtering for you and some headaches for the bad guys. We'd like send out a huge thanks to everyone (users, developers, bloggers) that has contributed to making Defensio what it is today. Without you, none of this would have been made possible.  THANK YOU!

If you have not started using our API yet, there has never been a better time to take the plunge. Now with Websense in our corner, the Defensio of tomorrow will be even better!

See the official announcement from Websense.

If you're using the release candidate of WordPress 2.7, you can upgrade to Defensio for WordPress 2.0 through the "plugins" page of your WordPress installation, or simply by downloading the archive here.

Please note that WordPress 2.7 is not yet released and some things may change.  You can count on us to do our best at keeping up with our friends in San Francisco.

This release is the first public release for WP 2.7 and while it has been extensively tested, a few things may break with 2.7 or with "legacy" versions of WP. If you experience problems, please report them to us.  

Please note that we also deprecated support for versions of WordPress older than 2.3.  It may still work, but we don't support it.  If you're in this situation, it might be a good idea to upgrade your WordPress installation.

Hope you enjoy this new release!