New Facebook Worm Spreading Via User’s Walls

According to one of AVG’s bloggers, the worm spreads as users that are already logged into the social network click on the suggestive photo that is being placed on their walls by infected friends.

Here’s how it works:

“For those unfamiliar with Facebook (is there anyone other than me in that set?) the thumbnail of the worm’s infective page is a link to the page. The worm’s objective, of course, is that others viewing the victim’s wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim’s wall, and so on…

This worm uses what is technically known as a CSRF (Cross-site Request Forgery, also called XSRF) attack. A sequence of iframes on the exploit page call a sequence of other pages and scripts, eventually resulting in a form submission to Facebook “as if” the victim had submitted a URL for a wall post and clicked on the “Share” button to confirm the post.”

While this attack seems to cause more embarrassment than it does damage to your computer or account, it also seems like one of the easier ones to fall for since all it requires is “clicking da button, baby.” The long and short of it seems to be: avoid the booty.

Source:

http://mashable.com