According to the blog of Max Kelly, head of security at Facebook, “the security team at Facebook is dedicated to investigating and auditing our own code for holes, as well as reaching out to people in an extended community to let us know if we've missed anything.”
Kelly also reported that less than .002 percent of Facebook users were affected by the worm, and those who were infected were notified.
Matt Sergeant of MessageLabs, a messaging security firm, told SCMagazineUS.com on Friday that Facebook and the other social networking sites are doing a good job to solve the problem.
“They seem to be proactive at dealing with the situation and have shut it down fairly quickly,” Sergeant said. “They have their own anti-spam service within the system, and that's what helped it from spreading far and wide.”
Security experts, however, weren't surprised by this worm attack. Adam O'Donnell, director of emerging technologies at Cloudmark, an email security company, told SCMagazineUS.com that social networking sites have essentially become like operating systems.
“The issues we saw on PCs 10 or 15 years ago, we're now seeing on social network platforms,” he said. “Unless social networks are careful, they will be facing the same spam-type issues that we see in email spam.”
O'Donnell added that the big challenge for the sites is to accept user-generated content that won't do anything malicious to the website.
“What happened over the past few days is an example of this,” he said. “Someone created a piece of web code that looked like any standard user-generated content, but it propagated itself across the network.”