The more popular Facebook becomes, the more dangerous it becomes to use. As if you didn’t already have to be wary of Facebook’s emails, now a worm is spreading via Facebook users’ walls. According to anti-virus maker AVG, the worm spreads when users click on a provocative photo that is being placed on infected users’ walls. By clicking on that image, users are then opening themselves up to attack.
Below is an explanation of how this nasty works according to one of AVG’s bloggers:
“For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…
This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.”
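The following Python example is added here and is not from the AVG post or from Facebook. It shows the server-side checks that make a forged wall-post submission of the kind described above fail even though the victim's session cookie is attached. The origin social.example, the field names and the request layout are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # per-deployment secret (constructed)
TRUSTED_ORIGIN = "https://social.example"  # hypothetical site origin (assumption)


def issue_csrf_token(session_id: str) -> str:
    """Token the site embeds in its own share form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def accept_wall_post(request: dict) -> bool:
    """Return True only if a 'share to wall' POST came from the site's own form.

    The session cookie alone proves nothing about intent: the browser attaches
    it to every request for the site, including one fired from a hidden iframe.
    """
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False
    # Check 1: Origin must be the site itself (a missing header is rejected).
    if request.get("headers", {}).get("Origin") != TRUSTED_ORIGIN:
        return False
    # Check 2: the form must carry the token a third-party page cannot read.
    supplied = request.get("form", {}).get("csrf_token", "")
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(supplied.encode(), expected.encode())


# Constructed sample requests (hypothetical layout, not a real Facebook API).
SESSION = "sess-1234"
GENUINE = {
    "cookies": {"session": SESSION},
    "headers": {"Origin": TRUSTED_ORIGIN},
    "form": {"url": "https://news.example/story",
             "csrf_token": issue_csrf_token(SESSION)},
}
FORGED = {  # cross-site form post: cookie rides along, token does not
    "cookies": {"session": SESSION},
    "headers": {"Origin": "https://lure.example"},
    "form": {"url": "https://lure.example/photo"},
}

if __name__ == "__main__":
    print("genuine accepted:", accept_wall_post(GENUINE))
    print("forged accepted:", accept_wall_post(FORGED))
```

Binding the token to the session means a token issued to one account cannot be replayed against another, and the Origin check rejects the request before the token is even examined.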