New Facebook worm detected that directs users to view adult images and infects associated profiles

News by Dan Raywood

A worm that spreads through Facebook by using the news feed has been detected.

Roger Thompson, chief research officer for AVG, claimed that the worm works by infecting one user and using their profile page and news feed to show a scantily clad girl. If you click the picture you are taken to the attack website where you are asked to click a button to ‘see something hot’.

By clicking on the button, your profile and status are updated to show the scantily clad girl, and thereby entice all your friends to the same page.

Thompson said: “The attack is what's known as Cross Site Request Forgery (CSRF), which is a pretty tricky attack, but the basic idea is that a malicious site tricks the innocent site into doing something it didn't intend to, such as, in this case, updating the victim's profile and status with the malicious link.”

AVG's emerging threats researcher Nick Fitzgerald said: “For those unfamiliar with Facebook, the thumbnail of the worm's infective page is a link to the page. The worm's objective, of course, is that others viewing the victim's wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim's wall, and so on.”

Thompson further claimed that this was something ‘best fixed by Facebook’, but the interesting question is what other pages are using the same attack. He also queried how many other people have been using the attack without being so obvious about it.

“When your profile suddenly starts luring your friends and family to porn sites, that tends to stand out, but one wonders what else might have been happening with more subtlety. The worst hack is always the one you don't know about,” said Thompson.
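
The cross-site request described above succeeds because the browser attaches the logged-in user's session cookie to a request triggered by any page. As an added example (not code from AVG, Facebook or the original article), the following shows one common server-side defence for a status-update handler: reject foreign `Origin` headers and require a per-session token that a third-party page cannot read. The origin names, session id and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example; not any real site's configuration.
SITE_ORIGIN = "https://social.example"
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients


def issue_csrf_token(session_id: str) -> str:
    """Token embedded in forms the site itself serves to the logged-in user."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def allow_status_update(session_id, headers, form):
    """Decide whether a state-changing POST really came from the site's own page.

    The session cookie alone proves nothing: the browser sends it with
    requests triggered by any site the user visits while logged in.
    """
    if not session_id:
        return False, "not logged in"
    # 1. Browsers set Origin on cross-site POSTs; reject anything foreign.
    origin = headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return False, "cross-site origin"
    # 2. Require a token that a third-party page cannot read or guess.
    supplied = form.get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "sess-1234"  # constructed session id
    # Forged request from another site: cookie present, foreign Origin, no token.
    print(allow_status_update(sid, {"Origin": "https://attacker.example"},
                              {"status": "click here"}))
    # Same forgery without an Origin header: the token check still rejects it.
    print(allow_status_update(sid, {}, {"status": "click here"}))
    # Legitimate post from the site's own form, carrying the issued token.
    print(allow_status_update(sid, {"Origin": SITE_ORIGIN},
                              {"status": "hello", "csrf_token": issue_csrf_token(sid)}))
```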

