Survey stuff worm spreads across Facebook

Filed Under: Facebook, Social networks, Spam

Have you seen messages like these being posted by your Facebook friends?

I thought this survey stuff was GARBAGE but i just went on a shopping spree at walmart thanks to FB = <link> , this wont last long so gooo!

I thought this survey stuff was BULL** but i swear I just used the Best Buy giftcard they sent me here <link> to buy a laptop!

I've removed the links from the above examples, but they point to Facebook applications.

Survey scam messages

In the examples I've seen, the messages have one thing beyond their wording in common - they're all posted "via Mobile Web", suggesting that the posts (which weren't made by your friends, just in case you were still in any doubt) may be using a common vulnerability.

What's interesting is that the application's name seems to change each time. That obviously makes it harder to tell users what to look out for, but potentially could also make it more tricky for Facebook's security team to shut down.

Facebook's security team may already be on to it - all of the links I have clicked on so far have been blocked (no, I'm not suggesting you try it at home folks). But if there is an unpatched vulnerability which scammers are exploiting it's possible we might see a renewed attack wearing a different disguise in the near future.

What's worrying is that our friends at All Facebook report that the worm can automatically post to your wall and message your friends - helping it to spread virally.

This has been confirmed by one of my colleagues at Sophos - who sent me the following message after one of his online friends was hit in the attack:

"There IS a vulnerability... You click on the link and it automatically adds the app into your apps profile. And it automatically reposts a status (with another random link). Spent an hour checking my friends... and my own apps settings."

Survey worm discussion

Be on your guard against suspicious posts made by your Facebook friends, and if you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

, , ,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.