<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
span.balloontextchar0
{mso-style-name:balloontextchar;
mso-style-priority:99;
font-family:"Tahoma","sans-serif";}
span.EmailStyle20
{mso-style-type:personal;
font-family:"Century Gothic","sans-serif";
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:navy;}
span.EmailStyle22
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>This is long but may be of use to some who are not familiar with Facebook.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>This came from my Wife employers IT department.<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Bob Rogers \ </span></i></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Information Systems Security Analyst</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'><a href="mailto:Bob_rogers@bshsi.org"><span style='color:gray'>Bob_rogers@bshsi.org</span></a></span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Bon Secours Health System, Inc.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'> <br>1505 Marriottsville Rd.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> <br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'>Marriottsville, MD 21104-1301</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> <br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'>410-442-3202</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:silver'><o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#1F497D'>Richard Kreiss<br>GCC Consulting<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;color:#1F497D'>rkreiss@gccconsulting.net<br> </span><span style='color:#1F497D'> <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Kreiss, Susan [mailto:Susan_Kreiss@bshsi.org] <br><b>Sent:</b> Wednesday, March 09, 2011 11:49 AM<br><b>To:</b> Richard Kreiss<br><b>Subject:</b> FW: Facebook Malware and virus infections<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'>I guess you are right, but Facebook is becoming so much a part of life I don’t think we can avoid it forever.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif";color:navy'><o:p> </o:p></span></p><div><div class=MsoNormal align=center style='text-align:center'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><hr size=2 width="100%" align=center></span></div><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Rogers, Bob <br><b>Sent:</b> Wednesday, March 09, 2011 10:14 AM<br><b>To:</b> All HSO Employees<br><b>Subject:</b> Facebook Malware and virus infections</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Ladies and Gentlemen;<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>This is an excerpt from a security site I visit, and is a rather long e-mail, but the information contained could prove valuable to you if you use Facebook, either as part of your job at BSHSI, or at home. <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-family:"Century Gothic","sans-serif"'>Facebook Malware and virus infections<o:p></o:p></span></b></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>I’ve seen a lot of Facebook malware and virus infections spreading though my friends list lately, and after publishing a brief Facebook note about how to stay safe, I decided it might be better to cover the topic again for a broader audience. Facebook Malware and virus infections take on many forms, but ultimately it involves interaction with a malicious application that can manipulate your account or spam your friends.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Many of these applications appear to be completely harmless – in fact; some are designed specifically to mimic the appearance of legitimate Facebook applications like photo notifications or wall posts. It’s natural to be curious when somebody tags a photo of you, so your first instinct is to click the link before thinking about where it will be taking you.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>The bad stuff happens after you’ve clicked the link. Typically, you are required to authorize all applications before they can interact with your account, but I have seen one in particular that seemed to automatically approve itself just by clicking on a link.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Once a malicious Facebook malware or virus application has been approved, several things can happen. Best case scenario: the application will spam your friends and only be a mild nuisance. Worst case: the malware could steal your personal information, monitor your activity, or spread viruses and trojans to your friends (and even use your identity to do it).<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>This guide will help you identify Facebook malware so you can avoid infection and will also provide tips on how to remove malware once you’ve been infected.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>What to Watch Out For<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>One example of Facebook malware I’ve recently observed are fake notifications that say somebody has “posted something on your wall” or “tagged a video of you”, which you can see in the image below. Notice that the icon next to the notification appears strange, but many malicious applications utilize standard notification icons which makes them hard to spot.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>These applications also typically bear unassuming names like “Comments” or “Livefeed” which sound similar enough to features currently used on Facebook that they do not arouse much suspicion.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If you click a notification and are taken to a page asking for access to your profile, the most important thing to remember is never click allow. Most Facebook malware can only interact with your account if you click the allow button, so only click it if you are absolutely sure you want to use the application.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If you see a suspicious notification and want to verify its legitimacy, visit your profile directly by clicking the Profile button at the top of Facebook rather than clicking the link in the notification. If you can’t find a corresponding post on the wall, click the X on the false notification and select “Report Spam” immediately.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>What to Do If Infected<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If you happened to click a strange link on Facebook or accidentally allowed an application that appeared to be malicious, follow these steps right away to revoke its access and protect your account.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Click the Applications button in the bottom left corner of Facebook and select Edit Applications.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If you have the new version of Facebook, this option can be found under Account (in the top right) then click Application Settings.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Try to locate the application you interacted with. In my case, it was a fake application called “Comments”, but I’ve seen others listed as “Feed”. Click the X to the right of the application then click “Remove” to disable it.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'> <o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>The application will no longer be able to interact with your profile once you have removed it this way.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Extra Precautions<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>It doesn’t hurt to follow the steps in the previous section even if you think you haven’t been infected. Browse through your list of applications that have access to your profile and remove any that you are not currently using.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If you see fake notifications from a friend, you can manually block that application to make sure you aren’t accidentally infected. To do this, visit the application’s homepage on Facebook (remembering not to click the Allow button) and click Block Application. This will completely stop the application from interacting with your profile at all.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>When you receive a fake notification from a friend, let them know about it right away and have them follow the steps presented in this guide. The longer they are infected, the more time the malicious application will have to spread itself.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Best Practices<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Malicious applications won’t always follow the methods I’ve described in this article, so the best defense you can have is to always be aware of your digital environment. I’ll leave you with a few tips for staying safe on social networks:<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Don’t assume links and messages from friends are safe: Malware often takes advantage of the fact that you trust your friends. Keep an eye on links and messages from friends, and if in doubt, ask them if they actually sent you something. Most of the time they will have no idea their account has been spamming their friends.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Watch the links you click: Fake applications put a lot of effort into looking legitimate, but many of them still carry tell-tale signs of being malicious. If you’re suspicious of a link, hold your mouse over it and look at the URL in your browser’s status bar. If the URL looks strange (i.e. long strings of random characters or pointing to a site outside of Facebook), think twice before clicking it.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Expand shortened links: Short links are very popular on social networks, making it easier to share URLs. The downside is that you don’t necessarily know where the link will take you, so consider previewing your short URLs before clicking.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>If it’s too good to be true, it probably is: If see a link or message on Facebook that claims you can monitor who views your profile or provide other enticing information, there’s a good chance it’s a trap trying to lure you in.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'>Stay updated – Many applications exploit vulnerabilities in your browser or operating system to gain access to your information. Stay safe by keeping your browser up-to-date and installing operating system updates when they are released.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Century Gothic","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Regards,</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><b><i><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Bob Rogers \ </span></i></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Information Systems Security Analyst</span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'><a href="mailto:Bob_rogers@bshsi.org"><span style='color:gray'>Bob_rogers@bshsi.org</span></a></span><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'><br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Bon Secours Health System, Inc.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'> <br>1505 Marriottsville Rd.</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> <br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'>Marriottsville, MD 21104-1301</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> <br></span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:gray'>410-442-3202</span><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:silver'> </span><span style='font-size:12.0pt;font-family:"Times New Roman","serif";color:silver'><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:5.0pt;margin-left:0in'><i><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:blue'>Success is a ladder you cannot climb with your hands in your pockets.</span></i><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:blue'> ~American Proverb </span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:5.0pt;margin-left:0in'><i><span style='font-family:"Arial","sans-serif";color:green'><img border=0 width=251 height=67 id="Picture_x005f_x0020_1" src="cid:image002.jpg@01CBDE4F.FDA91390" alt="Description: green"></span></i><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:5.0pt;margin-left:0in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:blue'>Need Technical support? Please open a HEAT ticket.</span></b><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:5.0pt;margin-right:0in;margin-bottom:5.0pt;margin-left:0in'><span lang=FR style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:blue'>E-mail: </span><span style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:blue'><a href="mailto:eissc@bshsi.org"><span lang=FR>eissc@bshsi.org</span></a></span><span lang=FR style='font-size:10.0pt;font-family:"Verdana","sans-serif";color:blue'> Phone: 866-809-9259</span><span lang=FR><o:p></o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span lang=FR style='font-size:12.0pt;font-family:"Times New Roman","serif"'><o:p> </o:p></span></p></div></body></html>