I'm a Facebook addict. I would login and check out all the lovely ladies everyday. I'm sure millions of men are doing the same and malware authors have already gotten onto the bandwagon.
Another variant also comes as a faux email from faux Facebook.
Who can resist a video of their drunken friend doing a striptease? Following the link will bring us to a Facebook-like looking page with dodgy scripts to download malware. Sophos detects the dodgy script as Mal/VidHtml-H and the downloaded malware as Troj/Dloadr-CKF. The malware also contains password stealing functionalities.
As I am writing this, I suddenly thought of the facebook application I added this morning (What SpongeBob character are you?). I have willingly allowed an unknown person to have access to my details by doing so.
On Facebook, it states:
"Facebook is providing links to these applications as a courtesy, and makes no representations regarding the applications or any information related to them. Any questions regarding an application should be directed to the developer."
I cannot find any information regarding the developer at all, not even a name. Could a malware author use that information to do something nasty?