A worm that spreads through Facebook by using the news feed has been detected.
Roger Thompson, chief research officer for AVG, claimed that the worm works by infecting one user and using their profile page and news feed to show a scantily-clad woman. If you click the picture you are taken to the attack website where you are asked to click a button to "see something hot".
By clicking on the button, your profile and status are updated to show the scantily clad girl, and thereby entice all your friends to the same page.
“The attack is what's known as Cross Site Request Forgery (CSRF), which is a pretty tricky attack, but the basic idea is that a malicious site tricks the innocent site into doing something it didn't intend to, such as, in this case, updating the victim's profile and status with the malicious link.”
AVG emerging threats researcher Nick Fitzgerald said: “For those unfamiliar with Facebook, the thumbnail of the worm's infective page is a link to the page. The worm's objective, of course, is that others viewing the victim's wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim's wall, and so on.”
Thompson further claimed that this was something "best fixed by Facebook", but the interesting question is what other pages are using the same attack. He also queried how many other people have been using the attack without being so obvious about it.
“When your profile suddenly starts luring your friends and family to porn sites, that tends to stand out, but one wonders what else might have been happening with more subtlety. The worst hack is always the one you don't know about,” said Thompson.
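The server-side check that stops a forged status update of the kind described above, as an added example (not code from the article, AVG or Facebook). The origin `https://social.example`, the `csrf_token` field name and all function names are hypothetical, and the requests are constructed.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)        # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://social.example"   # hypothetical origin of the real site
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def issue_token(session_id: str) -> str:
    """Token the site embeds in its own forms, bound to the user's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Compare Origin (Referer as fallback) with the site's own origin."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == TRUSTED_ORIGIN


def allow_request(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Accept a state change only if it came from the site's own page."""
    if method not in STATE_CHANGING:
        return True  # reads pass; they must never modify the profile
    if not same_origin(headers):
        return False
    supplied = str(form.get("csrf_token", ""))
    # A cross-site page can make the browser send the session cookie,
    # but it cannot read the token out of the real site's pages.
    return hmac.compare_digest(supplied.encode(), issue_token(session_id).encode())


# Constructed requests: both arrive with the victim's valid session.
SESSION = "session-abc123"
legit = allow_request("POST", {"Origin": "https://social.example"}, SESSION,
                      {"status": "hello", "csrf_token": issue_token(SESSION)})
forged = allow_request("POST", {"Origin": "https://attacker.example"}, SESSION,
                       {"status": "see something hot"})
```

Here `legit` is accepted and `forged` is rejected even though both carry the same logged-in session, which is the condition the worm depends on.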
See original article on scmagazineuk.com
Facebook worm detected that uses news feed
Infects associated profiles.