by Constantine von Hoffman

Weekly Cybersecurity Roundup: Special Facebook Edition

May 18, 2012
3 mins

This week's IT security roundup is a special Facebook edition, with stories on Facebook's attempt to stop a rampant worm; the doctor/patient Facebook relationship; how you should always remember to log out of Facebook when robbing an Internet cafe; and more.

Buying stock in a company with a price-to-earnings ratio of 100+? That sounds like a good idea to you? Really? Well, I’ve got a bridge and some tulip bulbs I’d like to sell you, so give me a call...

Facebook Sends Cease-and-Desist Order to Stop LilyJade Plugin: The ridiculously popular social media site is trying to stop the LilyJade worm, which spreads via an application that runs seamlessly as a plugin across multiple browsers and operating systems. The worm spreads via a link to a video that’s posted on users’ Facebook walls. People who follow the link are told they need to install the plugin to view the video. As Brian Krebs explains:

Users who install LilyJade will have their accounts modified to periodically post links that help pimp the program. The goal of LilyJade is to substitute code that specifies who should get paid when users click on ads that run on top Internet properties, such as,,,, and In short, the plugin allows customers to swap in their own ads on virtually any site that users visit.

Dru Mundroff, the man who created LilyJade, is openly selling it to interested parties for $1000. Facebook sent Mundroff a cease-and-desist letter, but he says he plans to ignore it; he also used much more colorful words.

Doctors Told to Stay Away from Patients on Facebook: Stanford University School of Medicine sent a letter to graduating doctors asking them to refrain from connecting with patients on social media sites like Facebook. The letter also suggests doctors change their privacy settings on Facebook to ensure a high level of online privacy. The school is just one of several medical organizations that have issued similar warnings due to doctor-patient confidentiality concerns.

Funniest Facebook Security Fail of the Week: Two men robbed an Internet café in Cali, Colombia, last week. After spending some time browsing the Web in the café, the men went to the cashier as if to pay for the Internet service, but instead brandished a gun and assaulted the manager before riding away on a stolen motorbike with all of the money in the register. However, when the authorities arrived, a café manager pointed out that one of the robbers had not logged out of Facebook, and it took no time at all to identify the assailant and determine his home address. D’oh.

Now for some non-Facebook-related items…

HULK DDoS Tool Smash Web Server, Server Fall Down:* A new attack tool called HULK (HTTP Unbearable Load King) takes a new approach to DDoS attacks. HULK generates a huge number of unique requests, designed to prevent server defenses from recognizing a pattern and filtering the attack traffic. Typically, DDoS attacks overwhelm servers with a massive load of TCP SYN requests or other predictable packets. *Brilliant headline stolen verbatim from Threatpost.
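The detection point the HULK item raises is worth seeing in code: a filter that looks for a repeated URI or User-Agent never fires when every request is randomized, while a per-client request-rate check does not care what the requests look like. The script below is an added example written for this roundup, not code from Threatpost or from any tool; the access-log lines it processes are constructed, and the client addresses (198.51.100.7, 203.0.113.5) are documentation ranges, not real traffic.

```python
"""Rate-based detection of randomized HTTP floods over sample access-log lines.

Added example; the log lines are constructed and the addresses are placeholders.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format:
# ip - - [timestamp] "METHOD path HTTP/x" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], TS_FMT)
    return entry


def build_sample_log():
    """Constructed sample: one flooding client, one normal client."""
    lines = []
    base = datetime(2012, 5, 18, 12, 0, 0, tzinfo=timezone.utc)
    for i in range(30):
        ts = (base + timedelta(milliseconds=150 * i)).strftime(TS_FMT)
        # Every request differs in path, query string and User-Agent,
        # so nothing repeats for a signature filter to latch on to.
        lines.append(
            f'198.51.100.7 - - [{ts}] "GET /a{i}?x={i * 7919:x} HTTP/1.1" '
            f'200 512 "-" "Agent/{i}.0"'
        )
    for i in range(3):
        ts = (base + timedelta(seconds=2 * i)).strftime(TS_FMT)
        lines.append(
            f'203.0.113.5 - - [{ts}] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"'
        )
    return lines


def repeated_path_filter(entries, min_hits=5):
    """Signature-style check: flag a client only if it hammers one path."""
    hits = defaultdict(int)
    for e in entries:
        hits[(e["ip"], e["path"])] += 1
    return {ip for (ip, _), n in hits.items() if n >= min_hits}


def rate_filter(entries, window_seconds=10, max_requests=20):
    """Sliding-window request count per client, independent of path or UA."""
    windows = defaultdict(deque)
    flagged = set()
    for e in sorted(entries, key=lambda e: e["ts"]):
        q = windows[e["ip"]]
        q.append(e["ts"])
        # Drop timestamps that have fallen out of the window.
        while (e["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > max_requests:
            flagged.add(e["ip"])
    return flagged


def analyze():
    """Run both checks over the constructed log; returns (signature_hits, rate_hits)."""
    entries = [p for p in map(parse_line, build_sample_log()) if p]
    return repeated_path_filter(entries), rate_filter(entries)


if __name__ == "__main__":
    sig, rate = analyze()
    print("repeated-path filter flagged:", sorted(sig))   # nothing: every path is unique
    print("rate filter flagged:", sorted(rate))           # the flooding client
```

The thresholds (20 requests per 10 seconds, 5 repeats of one path) are illustrative and would be tuned per site; the lesson is only that the second check keys on volume per source, which randomization cannot hide, where the first keys on content, which it can.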

Online Romance Scams Cost Victims at Least $50 Million: The Internet Crime Complaint Center (IC3) says online lovelorn fraud cost Americans at least $50 million last year. And the real number is almost certainly higher, because the IC3 – a partnership of the National White Collar Crime Center, the U.S. Department of Justice’s Bureau of Justice Assistance and the FBI – based these numbers only on complaints it received last year. Of the 314,246 total complaints, 5,663 were romance-related. “On average, each victim reported a loss of $8,900. At a rate of 15 complaints received per day, these scams saw daily reported losses of roughly $138,000, or more than $5,700 every hour.” That’s an expensive date.