Once the bad guys have tricked you into adding a rogue application to your Facebook account, don't be surprised if they use it to spread more of their scams.
Here's an account which suddenly started advertising a scam page, even though its user hadn't logged in for some time. In other words, they hadn't been socially engineered or clickjacked into posting this message:
The SHOCKING hidden message on Coca-Cola logo!
I cant BELIEVE this
Some other versions give the so-called hidden message a devilish spin:
SHOCKING SATANIC Message In The Coca Cola Logo
If you see one of your Facebook friends post a message like this and click on the link, you'll be walking into a trap yourself and could soon be spreading the dodgy links to your online pals as well.
And it's not just hidden messages in Coca-Cola logos. The same Facebook users are being used to spread messages about:
Girl captured DEAD on Google Street View
Captured by Google
99 facts Guys wish Girls knew! <3
These are the 99 things all Girls MUST know about guys.
These facts are 100% true and absolutely SHOCKING!!!
Until more users learn to be suspicious of liking pages like this, and keep a closer eye on what installs itself on their Facebook page, these scams are likely to continue.
If you've been hit by such an attack, check that your profile no longer "likes" any of these pages, and remove the right of suspicious applications to access your account. It may also be time to choose another password - make sure it's a strong one.
Over 100,000 people have already joined the Sophos page on Facebook to be kept informed of the latest security threats - if you're a user of Facebook, maybe you should join them too?