Dear social insecurity

Originally released back in January of 2011, this was a segment inside a security special show we taped at the end of 2010 doing a deepdive on the Cisco Annual Security Report.  I wanted to write something a bit snarky....I like the way it turned out. The jokes may only be obvious to security folks.

My script:

Dear Koobface.  Can I still call you Koob?

You have been a wonderful friend, I remember how we first met.

Got a message from one of my old friends…click here ‘can’t believe your face in this video’ or something…you know me, I love seeing myself on camera, … wait.  I am apparently missing a required component… a ‘video codec’ I think it said..well I’m this far, I like video stuff…lets get that sucker loaded.  

Wow. I did not realize what had happened right away….but I was bitten. ‘Socially Infected’ if you will.

To be fair, your not a one friend kind of friend…  Social infection has taken on a whole new meaning in the last year thanks to this ‘Gratuitous link-sharing behavior’ I have heard it called. Social Networks are the Place to be!  And you my friend, are the expert at making money on this! Hats off to you Koob!

Well that video component you said I needed was actually an executable file that kicked off a whole bunch of activities.


Can I be honest?  You had me at ‘click here.’  But you were not done were you?  

At first I thought you were just bragging - “Gotta check in” you said I should have seen the signs - Command and control, a central feature of every budding botnet. Turns out you were just casing my place, logging my social activities and sites, I know I made it easy, all those cookies laying around - fair enough.

You were measuring windows and checking out the floor plan…making room for your tools.. Very specific tools it turns out. Now, I appreciate the effort actually, no sense hauling in tools you don’t need - you could see what I was doing.  Now, my friends are your friends!  And convenient too, since they now think all these new messages from you are coming from me.


With no extra work on my part, you even helped me become a webserver.  I’ve never been a webserver!  Now I got to act as proxy or provide relay services for all our little koobface friends - in fact, and I love this one, I did not even have to break my own CAPTCHA’s anymore.  I never liked those things!  I mean why prove I am human if I have friends that will do it for me?  Great little service.  And downright neighborly!

Thats when things started to go wrong Koob.  You know why.  It was the money.  I was already impressed with your social media propogation parlour tricks…but you showed your true colors.   You know money is what ruins most relationships.  

Your modularity should have tipped me off - the fact that you could sell yourself on a ‘pay per infection’ basis to those suspicious looking friends of yours - SEARCH HIJACKERS - ready and willing to lead my browsing preferences right into those worthless click-fraud sites…DATA STEALERS…what kind of friends are these?  Nice try convincing me it was just a creative back up strategy.   But the final straw, the ROGUE ANTI-VIRUS INSTALLERS…those guys are so old school….I can’t believe you still hang with them.   ‘Click here to protect yourself’. It does still pay I guess.  

You know Koob. Enough was enough.  You are who you hang out with.  

That is why I unfriended you.