A word of caution to Facebook users: be careful when clicking links on Facebook, even if they're on your friend's page or your favorite superstar's page.

We have detected a malicious campaign that is quickly spreading on Facebook. The malware has very low anti-virus coverage and can be found on prominent Facebook pages such as ones belonging Justin Timberlake (2.1 million fans) and a few others. If you use Facebook and are worried about this, we have a Facebook app that solves this problem (read on). If you are a customer, yes - we stop this at the gateway in real-time.

To get an idea of how fast this link is being shared on Facebook (measured in seconds!), here's a video:

This is what the malicious campaign looks like (WARNING: Do *not* attempt to go to the link - your computer may get infected):

The malicious link isn't spreading through high profile names only, but also "long tail" relatively popular Facebook pages.

VirusTotal shows a < 15% anti-virus detection rate.

We also detected that this campaign is also spreading on Twitter:

Websense customers who click this link are protected from it:

If you're using Websense Defensio Facebook app , you are notified via email when someone posts something malicious on your Facebook page:

Websense Messaging and Websense Web Security customers are protected against this attack.

Nick O'Neil of AllFacebook.com recently reported that his Facebook wall was compromised by a new worm: the "Ex-Girlfriend" worm. Using some CSS and IFrame wizardry, the worm can post on your own wall in your own name, without you knowing it.  Here's an example of Nick's wall:

You can protect your Facebook wall and pages from this worm by installing the Defensio Facebook application. Get started here...

Security for the Social Web

After months of hard work, it is my extreme pleasure to introduce Defensio 2.0 - the first and only complete security suite for the social web.

A number of new features now make Defensio the most advanced spam and malicious content detection service for the web. These features include:

• Spyware, malware, phishing and other types of malicious content detection
• URL blocking by category
• Profanity detection and filtering
• Script and executable blocking
• Enhanced statistics
• Asynchronous API (faster and non-blocking filtering)

Thanks to Websense's Threat Seeker Network, Defensio can now detect and block much more than just spam, offering you the absolute best protection for your website.

Screencast

We prepared a screencast where you can see of the new Defensio 2.0 features.

Wordpress

The Wordpress plugin has been updated to leverage the new features we are introducing today. Upgrade today!

Pixelpost

Thanks to Dennis Mooibroek, Pixelpost now also supports Defensio 2.0. You can download the latest version of the Pixelpost plugin on our website.

Facebook Protection

A few months ago, we started noticing that a lot of spam, profanity, malware and malicious content was making it onto personal and corporate Facebook pages. We knew we had to do something about it. Our response to this growing problem is the first ever Facebook security suite. This is also launching today!

Once Defensio for Facebook is installed, we will constantly monitor your page for possibly unwanted content. Should we find something suspicious, we will alert you. This Facebook application works with any kinds of pages, including personal and corporate profiles, group pages and fan pages.

To install Defensio for Facebook, simply create an account at http://defensio.com/signup. If you already have a Defensio account, log in, then in the control panel, click "My API keys", then "Protect another web property".

Other platforms

More platforms will support 2.0 very soon. Defensio 1.x remains available and software using our old API will keep working as usual.

New Developer API

We love our developers, and we made sure not to leave them out in the cold. Defensio 2.0 ships with a brand new and improved asynchronous RESTful API! The new API features:

• Asynchronous (or synchronous) for fast, non-blocking calls to Defensio
• Optional web hook for asynchronous calls
• Entirely RESTful
• More generic wording, making it less targeted towards blogs and easier to use in a wider range of web applications
• New actions for profanity filtering and enhanced statistics
• Content classification (spam, malicious, innocent)

See the API 2.0 documentation for more details.

We're also releasing many 2.0-ready developer libraries for PHP, Ruby, Python and Perl. This should make your life easier when upgrading your application to Defensio 2.0. You can find them in the "downloads" section of our website.

Conclusion

I hope you're as excited as we are about the second coming of Defensio. Let us know what you think!

If you think image spam is elaborate, think again!

At Defensio, we see all kinds of crazy and innovative spam each day. But recently, something we never thought we'd ever see showed up on our radar: a significant influx of VIDEO spam, most of it hosted on YouTube.com. I guess this just shows how far spammers are ready to go to sell their junk.

Here's a screenshot...

What do you think will be the next trend in spam?

This morning, hosted e-commerce solution Shopify enabled commenting on its users' blogs.

After comparing the many spam filtering services available, the Ottawa-based firm decided to use Defensio as their first line of defense.

This is yet another great step for us since Shopify currently hosts ~40,000 blogs.

Shopify launched in mid-2006 and was greatly acclaimed.  Building an online store with Shopify couldn't be easier and many believe they are a great contender to overtake eBay's dominance in this market. Shopify recently announced they passed $10M in total sales.

Another week, another platform supported!

It's our pleasure to announce that our Canadian friends at Hop Studios built a Defensio module for the wonderful ExpressionEngine CMS.  They call it Defensio Combo.  You can get it from Hop's website, or download it from our very own website.

With ExpressionEngine 2.0 just around the corner, you'll be happy to know that the guys at Hop committed themselves to releasing an update to their module shortly after the 2.0 release. You'll never be without decent spam protection again.

Welcome to the family EEers!

Google recently acquired Textcube, a Korean blogging platform that looks very promising.  To our surprise, we discovered that a Defensio plugin was already available for Textcube!

We're glad to add it to our list of supported platforms.  You can download it on the Defensio for Textcube page.

We just released a new version (1.6) of our WordPress plugin. (get it here)  It is a recommended update for everyone.

Many small things were improved and fixed, but the most interesting change is the better integration of the quarantine with WordPress 2.5 and up.  

We've been testing this new release for some time, but if you have any problem with this update, please let us know.

Happy blogging!

Good news!

By popular request, we just started hosting our WordPress plugin code on GitHub!  You can now stay up-to-date with our development effort and even help us by implementing the features you want.

GitHub (and Git) make collaborating on software easy.  Everybody can now fork our plugin to implement new features or fix a bug.  We'll be happy to integrate any changes we feel will benefit other users.

If you're not that much of a coder, you can still help!  We definitely need people to test the freshly baked code you'll find at GitHub.

Our GitHub page is at http://github.com/defensio.  Oh... and if you don't know what Git is yet, you should definitely check out PeepCode's great video on the subject ($9, but worth every penny).

We have also created a ticket tracker at Lighthouse.  You can now submit your bugs or feature requests here: http://karabunga.lighthouseapp.com

Happy collaboration!

WordPress 2.6 was released this morning.  Defensio works fine with it, so upgrade without fear!