Facebook laptops compromised by malware

By Stuart Sumner
18 Feb 2013

Facebook has admitted that laptops belonging to its employees were recently infected by malware, blaming a zero-day Java exploit for the incident.

Users of the social network will be concerned that their private data may have been compromised in this attack, although for the moment Facebook insists that this did not happen.

"Last month, Facebook Security discovered that our systems had been targeted in a sophisticated attack. This attack occurred when a handful of employees visited a mobile developer website that was compromised," said Facebook's security team in a blog post.

"The compromised website hosted an exploit which then allowed malware to be installed on these employee laptops. The laptops were fully-patched and running up-to-date anti-virus software. As soon as we discovered the presence of the malware, we remediated all infected machines, informed law enforcement, and began a significant investigation that continues to this day."

This admission comes just weeks after Oracle's head of Java security, Milton Smith, assured users of the software that the vendor will fix its security issues and improve communication efforts.

Facebook said that it first noticed it had been subject to an attack when it found that an untrustworthy domain had been accessed from within the corporate perimeter.

"In this particular instance, we flagged a suspicious domain in our corporate DNS logs and tracked it back to an employee laptop. Upon conducting a forensic examination of that laptop, we identified a malicious file, and then searched company-wide and flagged several other compromised employee laptops," the blog continued.

"After analysing the compromised website where the attack originated, we found it was using a 'zero-day' (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability."

The social network added that other sites have also been infected by the same malware, but claims that it was one of the first to discover it.

"Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means."
