In the last 24 hours, Facebook has been hit with more than five different spam attacks, which security experts say amount to the biggest spam attack to appear across people’s walls in such a short time.
“Facebook is vulnerable to spam by design, since Facebook users trust the messages they see on their friends’ walls, and have no fear of clicking them,” said ESET’s Urban Schrott.
“The cyber criminals (ab)use this behaviour, and spam Facebook regularly.
“Since there are more than 500m Facebook users, Facebook spam became a multimillion-dollar business for cyber criminals. A good and up-to-date antivirus software can protect you from downloading malware, but it cannot protect your Facebook wall. If you click on a spam message, it could infect your computer and it spreads to your friends,” Schrott said.
Schrott warns that in a typical scenario a user sees a “shocking must-see topic” appear on a friend’s wall or in the news feed. The curious Facebook user clicks on the message to watch a video and is immediately led to another page, sometimes within Facebook, in some cases outside of it, to a drive-by malware-ridden one.
“On that other page, the user usually has to like the spam message, or gets to do different other things, such as answering questions, installing a Facebook application which requires access to their info, downloading malware code masked as some video codec or signing up for a premium-rate mobile text service.
Users can voluntarily infect their computers with malware
“By confirming these actions, users can voluntarily infect their computers with malware, bypassing their security software. At the end of this ordeal the user may or may not be shown the ‘shocking video’ which is usually some useless fake, but for the cherry on the cake, the spam message now appears on his wall and in his friends’ news feed, so he can infect all of them, as well.
“Antivirus software cannot protect users from Facebook spam, since the spam is working inside Facebook. The only defence against it is user awareness and thinking before clicking,” Schrott warned.