According to Cisco 2010 Midyear Security Report, they found that employees accessing Facebook games at work would cause devastating consequences as companies are at risk due to the online criminals are believed to be developed ways to deliver malware via these games.

As a result of the study, Cisco found that 7 percent of Facebook users of its customers spend an average of 68 minutes per day playing the popular interactive game FarmVille from Zynga. Mafia Wars was the second most popular game; with 5 percent of employees racking up to 52 minutes of play daily. Café World, another popular game, played by 4 percent of Facebook users, accounted for 36 minutes of wasted time at work per day, see the below picture.

The study also uncovered a number of interesting suggestions, which led to the create of explicit policies governing the use of games at work. However, the study did not suggested the ban of accessing Facebook games at work since this may damage workers’ ability to collaborate and communicate in a changing business environment. Moreover, playing Facebook games at work means that the loss of productivity, but it is not a security threat.

Nevertheless, the trends of playing Facebook games at work point to a need for better protection against the security risks. This is due to another data which shows that 50 percent of end users admitted that they ignore company policy prohibiting use of social media tools at least once a week, and 27 percent said they change the settings on corporate devices to access prohibited applications.

To read more about the Cisco study, click here for the PDF copy.

Panda Labs has detected a new Bredolab variant masking itself as the “Facebook Password Reset Confirmation! Support Message.” As shown in the below picture, you’ll notice that the From in the email is labeled as “Facebook Manager” and typically, the sender address is spoofed.

The attachment is entitled as Facebook_document_Nr8527.zip and if you’re open this kind of the attached document for the password reset, your computer is vulnerable to be affected by malware.

In fact, the malware is known as Bredolab.AX and has been discovered in October 2009 by Avira, one of the leaders in Internet security field.

Simple put, Bredolab is a trojan horse that downloads and causes some side effects such as downloads a malicious file. Furthermore, the file gets executed after it was fully downloaded on victim’s computer.

Suffice it to say: If you receive any email like this, delete it straight away.

Picture:

Source: available at http://support.pandasecurity.com/forum/viewtopic.php?f=160&t=3232, accessed April 30, 2010

Some said this year 2010 is the year of spam, as the networking gurus at Cisco predicted that worldwide spam volumes will increase by 30 or 40 percent over 2009 levels; see the PDF report here.

Apart from simply reading the report or get ready to the spamming challenges, Facebook has announced that they have fixed one of the bugs spotted, although it was not the most notorious spam attacks like Koobface. This bug namely as “Unnamed App” and the past days many Facebook users have even posted their status updates to make other users aware about it.

A latest update, Facebook officials told CNN that the bug wasn’t harmful and is fixed. Facebook spokesperson Malorie Lucich said that the bug was fixed by January 27 afternoon.

“Due to a small bug, an application listed as “Unnamed App” appeared in some users’ Applications Settings. No user accounts or data were lost or damaged,” according to Lucich.

Are you one of those users who is always figuring out how to view other Facebook users’ private profiles? Call it curiosity, call it paranoia, you’re a stalker, right! Or you do it for a good reason, because you suspect your girlfriend is dating with a guy and you want to check out her Facebook profile for evidence.

Regardless your reason, whether moral or not, there’s still hope if you believe Facebook will not patch up the security flaw. In the meantime, the bad guys showed us yet again how aware they are of human psychology, and how ready they are to exploit the curiosity of human being.

There is a piece of Windows-based software called Facebook Agent offers the curios, or the paranoia to view other users’ private profiles. Of course, Facebook Agent is asking you to download the software and remember, there’s no such thing as a free lunch these days. In other words, if the software is exceptional good, I doubt they won’t charge a premium for the users to use it.

In this case, users are advised to be wary of using free software from the unknown source, so DON’T download Facebook Agent. Many users downloaded the software and concluded yes it is a Malware, as shown in the tweets. Additionally, two bloggers also provide screenshots, click here and here for further technical details.

Scammers never give up, although various sorts of phishing scams have been blocked by Facebook. It seemed that the more serious one appears to be the fake email with the malicious “updatetool.exe attachment”, as reported by Webroot, an established security experts on the Web.

This fake email is pretends to be from the Facebook administrators. If the victim chooses to go further, he or she will end up at a spoof Facebook login page which prompts users to reveal his / her Facebook password as well as download the file attachment. The message in the fake email itself claimed that the user’s Facebook profile password was reset. In order to retrieve the password, a user need to download and open the attachment. In fact, the file attachment, i.e. “updatetool.exe” is actually the Zeus trojan, a trojan from the Bredolab family.

If you come across similar email in your inbox, straight away delete the fake email. Never fill in secret information on suspicious sites, other than the Facebook homepage, i.e. https:www.facebook.com and avoid downloading the file attachment shown in below.

Online criminals are increasingly targeting at Facebook. So guys, if you’ve received any message that contain the following message subjects, please “do not” open it or proceed according to what the message told.

The message is served as a bait which offer malicious link and if you click on it, it’ll redirect you to a bogus Facebook site and you’ll be prompted to install a virus file in the form of a fake “Adobe_Player11.exe”, according to a report by websense.

FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance … (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party

Although the message subject seemed to be appealed to most of the Facebook users, especially male users when first encountered it. But you know you’ll be safe if you ignore such message, and refrain yourself from clicking any URL link within the message, even it is out of your curiosity. Generally, these kind of messages are known well to elicit our emotions, in this case joy, and curiosity.

Another warning: Don’t let this kind of message trick you into clicking the link and install the file. It is due to the virus might not be detected by your anti-virus software installed on your PC or laptop, according to an analysis done by VirusTotal.

Picture 1:

Picture 2:

I’m not sure whether this is a good sign for the Facebook and its users. More security issues would mean that Facebook is large enough as a viable target for the spammers or scammers. And on the other end, the new Koobface worm as reported by TrendMicro security blog more or less helped the users be prepared “not to” download any software that prompted on the site. This is due to the same bait can’t work twice to the same people as this malware is being promoted in a similar manner as happened before in August 2008.

Here’s another good news: Despite the ongoing malware attack on Facebook, the issue will be resolved. Trust Facebook.

Secure Computing Corporation has compiled the Quarter 3, 2008 Internet Threats Report (PDF) containing statistical data and analysis covering both email and Web-based threats. Among the findings of the report, Q3 saw the emergence of the new malware targeting users of the popular social networking sites such as MySpace and Facebook.

The worm misuses the functions of these popular sites by posting comments and sending messages like

• “Paris Hilton Tosses Dwarf On The Street”,
• “OMG!!! This is you on hidden cam”,
• “You must see it!!! Funny video clip” or
• “Funny cartoon! I think its FAKE!! What do you think about this?”

to everyone on your contact list.

DO NOT click on any link in these messages if you come across the aforesaid.