Social networking - New Facebook Worm Spreads - eWeek Security Watch
Security Watch
SHARE
Facebook X Pinterest WhatsApp

New Facebook Worm Spreads

Written By
Brian Prince
Brian Prince
Nov 23, 2009
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

When, oh when, will it be safe to view Internet porn?

All jokes aside, on Nov. 23 AVG Technologies reported a new worm targeting Facebook users. The worm spreads by putting an alluring picture of a woman on the profile pages belonging to people it infects. The picture will also appear in the person’s News Feed.

If you click the picture, it takes you to a malicious site that will ask you to click on a picture if you “want 2 c something hot.”

Unfortunately, all the user gets is a worm.

“This worm uses what is technically known as a CSRF (Cross-Site Request Forgery, also called XSRF) attack,” blogged Nick FitzGerald, emerging threats researcher at AVG. “A sequence of iframes on the exploit page [calls] a sequence of other pages and scripts, eventually resulting in a form submission to Facebook ‘as if’ the victim had submitted a URL for a wall post and clicked on the ‘Share’ button to confirm the post.”

Facebook however has a different take. According to the social networking site, the is actually an example of clickjacking.

“We’ve taken action to block the URL associated with this site, and we’re cleaning up the relatively few cases where it was posted (something email providers, for example, can’t do),” a Facebook spokesperson told eWEEK. “Overall, an extremely small percentage of users were affected. As always, we’re asking people not to click on suspicious links, even if they’ve been sent or posted by friends. You’ll find this tip and others on the Facebook Security Page: http://www.facebook.com/security.”

Once you are infected, your profile and status will be updated to show the scantily dressed vixen, and the saga continues. According to Roger Thompson, chief research officer at AVG, the malware does not appear to be tied to Koobface, which continues to target Facebook and other social networks. The aim of the worm seems to be to direct people to adult Websites where someone presumably makes money by getting clicks, he said.

“It’s interesting though that such a neat exploit should be ‘wasted’ on seemingly low returns,” he told eWEEK. “One wonders if perhaps other folks have been using it for more nefarious purposes.”

Describing the worm as new, Thompson said he was unsure how many people have been impacted so far. He added that AVG tested the worm on Windows and Linux machines running Firefox and found it worked successfully.

As always, the advice is to be careful what you click.

UPDATE: This was updated to include more information from AVG and Facebook.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information