I will add that there is a Facebook phishing virus that you should keep an eye out for as well. http://www.techcrunch.com/2008/08/07/elaborate-facebook-worm-virus-spreading/
Facebook malware attacks to date have largely consisted of getting user credentials via phishing sites and then spreading spam and additional phishing attempts. But a new worm is disseminating through Facebook that aims to install trojan software on a user’s machine.
The worm spreads when a compromised user’s account is used to send message to others with a title such as “LOL. You’ve been catched on hidden cam, yo:” and a link to a random URL. The linked website is a YouTube-like page that shows a video player along with what looks like a standard browser message to update your Flash installation. Clicking on the button begins a malware installation of a file called “codecsetup.exe.” We didn’t go so far as to install the software, but our guess is that it zombies your computer, installs a keylogger, and other fun stuff.
A nasty feature of the worm is that it takes the profile picture of the sending infected user and adds it to the linked website. This makes it all look much more legitimate for the potential victim. Facebook users are notoriously naive when it comes to security awareness, and a certain percentage of users will always end up falling for this kind of social hack. There’s little Facebook can do other than attempt to filter out the landing website in messages.
Facebook head of security Max Kelly, a former FBI computer forensics examiner, wrote a blog post tonight addressing the worm attacks on Facebook we wrote about earlier today. His advice to Facebook users: report suspected malware, and try not to share your password with anyone.
Kelly also says Facebook blocked the ability to link to the malicious website from anywhere on Facebook, although a black list approach like this is a never ending battle. The real solution on an individual level is to bail out of Windows to Mac or Linux where you are (relatively speaking) safe from these kinds of attacks. Of course, if too many of you do that, those operating systems will be targeted next.
A more general solution relies on an awareness campaign about these social hacks by the major sites like Facebook and MySpace. Eventually users will learn to avoid the newest trap, and the bad guys will be forced to invent yet more creative ways to get into your computer.
Is a tree as a rocking horse
An ambition fulfilled
And is the sawdust jealous?
I worry about these things .
Kevin Godley & Lol Crème (I Pity Inanimate Objects)