Worm Hits Facebook Walls


Thanks to the fact that it stores so much of users’ personal data, Facebook has long been the source of security concerns, but now a new worm is taking advantage of Facebook’s relative openness, spreading via wall posts.

You can tell this isn't my Facebook, because it's not in Latin.

AVG reports that the latest worm to hit Facebook isn’t really all that destructive, but is plenty inconvenient and potentially embarrassing. Essentially, it takes advantage of the fact that users are already logged into Facebook when they click the link, a weakness that was highlighted earlier this month by a Facebook application developer, who said at the time that he hoped it would be fixed shortly. AVG’s Nick Fitzgerald describes the worm itself as follows:

“The worm’s objective, of course, is that others viewing the victim’s page will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…

The worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a submission to Facebook ‘as if’ the victim had submitted a URL for a wall post and clicked on the ‘Share’ button to confirm the post.”

It’s all relatively simple, and it won’t be stealing your data anytime soon, but that doesn’t mean that this exploit is any less worrying. If nothing else it shows that there are those who are both capable and willing to use Facebook’s practically instant access to a large audience to generate a quick bit of traffic.
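The forgery described in the quote works because the session cookie the browser attaches automatically is the only thing authorizing the post. The sketch below is an added example, not code from AVG, Facebook or the original post; the handler names, the HMAC-based token scheme and the `.example` hosts are assumptions chosen for illustration. It shows a share handler that trusts the cookie alone next to one that also requires a same-site `Origin` and a session-bound token.

```python
import hashlib
import hmac
import secrets

# Assumptions (not from the article): all names, the HMAC token scheme and
# the trusted origin are illustrative choices for this sketch.
SERVER_KEY = secrets.token_bytes(32)
TRUSTED_ORIGIN = "https://social.example"


def issue_token(session_id: str) -> str:
    """Token embedded in the site's own share form; bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def share_unprotected(request: dict) -> bool:
    """'Before': a valid session cookie alone authorizes the wall post."""
    return request["cookies"].get("session") is not None


def share_protected(request: dict) -> bool:
    """'After': also require a same-site Origin and the session-bound token."""
    session_id = request["cookies"].get("session")
    if session_id is None:
        return False
    if request["headers"].get("Origin") != TRUSTED_ORIGIN:
        return False
    supplied = request["form"].get("csrf_token", "")
    expected = issue_token(session_id)
    # Constant-time comparison avoids leaking how much of the token matched.
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests. The browser attaches the session cookie to
# both; only a form served by the site itself can carry the token.
SESSION = "constructed-session-id"
legitimate = {
    "cookies": {"session": SESSION},
    "headers": {"Origin": TRUSTED_ORIGIN},
    "form": {"url": "https://news.example/story", "csrf_token": issue_token(SESSION)},
}
forged = {  # submitted from a hidden iframe on a third-party page
    "cookies": {"session": SESSION},
    "headers": {"Origin": "https://third-party.example"},
    "form": {"url": "https://third-party.example/page"},
}

if __name__ == "__main__":
    for name, req in (("legitimate", legitimate), ("forged", forged)):
        print(name, share_unprotected(req), share_protected(req))
```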

We’ll be curious to see if Facebook responds officially or just blocks the exploit that allows the worm to propagate itself.

Until then, you can check out AVG’s page on it if you’d like to read more about the Facebook exploit and the worm taking advantage of it.



One Response to “Worm Hits Facebook Walls”

  1. healthfoodsupernovice Says:

    Weird, I commented on this on someone’s page over the weekend. I saw it and was like, ew wtf is he playing at? Then it was gone, deleted like it had never even been there. I assumed it was just him looking at unsavory things via some facebook app and accidentally posting it on his wall.
