Facebook responds to security warnings

Facebook security chief Max Kelly has assured members in a blog post that the social network is "fighting the good fight" when it comes to several malware attacks discovered on the site in recent days.

"We spent most of last night working on a fix for a worm, which was targeting people on Facebook and placing messages on walls urging users to view a video that pretends to be hosted on a Google or YouTube Web site," Kelly wrote. "Less than .002 percent of people on Facebook have been affected, all of whom we notified and suggested steps to remove the malware."

The worm was first flagged by security firm Sophos, just days after another one had been identified by Kaspersky Labs.

Kelly said Facebook appreciates the efforts of watchdogs. "If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible," he wrote. "In fact, we appreciate it when help comes our way from the many security experts and organizations out there."

Sophos and other security firms have warned that social networks such as Facebook and MySpace are particularly rife breeding grounds for security attacks: they have massive user bases, plenty of outside developers working on the site, and lots of ways (messages, wall posts) to spread malware to unwitting members.

Facebook recommends that members follow a few basic security measures: report spam postings, install the proper Mac or Windows software in the event of a malware infection, and never share your Facebook password.

That last piece of advice will be tougher for Facebook to recommend as Facebook Connect, which lets external sites use Facebook login credentials, grows more commonplace.