Facebook worms are spreading freely
A new worm is spreading rapidly via Facebook. The cause is a problem disclosed weeks ago which Facebook seems unable to fix. As a result, there has been another wave of crafted status messages – this time they refer to a web page which allegedly presents the "101 hottest women in the world".
Those who click on the link are directed to a fairly neutral page with a picture of Jessica Alba and the message "Click here to continue". At this point nothing bad has happened, however, in the background the web page has opened an iFrame which posts the link to Facebook. This works because users are already logged into Facebook when they read their messages. Usually, though, a further click on the "Share" button is also required.
This button does appear in the iFrame – but it is invisible, and a few lines of script code keep shifting it right underneath the mouse pointer. Wherever users click on the page, their click will confirm the posting of the link. The link then appears in Facebook for everyone to see and take an interest – if only to gloat over the sender having fallen for the exploit.
- Security-conscious users consider quitting Facebook, a report from The H.
- Facebook introduces security measures, a report from The H.
- Facebook, the new phishing target, a report from The H.