Last week I wrote a post about the Facebook spam problem. The malicious thing about this spam is that it’s coming from friends’ accounts, but it’s clearly not being authored by them.
I have received more obvious spam on Facebook in the past two weeks than I have cumulatively received in the [approximately] past two years. In addition to the spam on my Wall and in my News Feed, I am now getting personal messages from friends which are clearly not authored by them [below are two that I received today].
A few friends have changed their passwords and have continued to have issues, which is inconsistent with a standard phishing attack (people would need to be phished twice in order for this to make sense — highly improbable). Are Facebook applications being used as a Trojan Horse for spam? Has some cracker launched a worm again? Or have a large number of people installed malicious software on their computers that is logging keystroke information or polling IE for Facebook credentials?
Whatever the case, Facebook needs to immediately take the following steps:
1. Add a “flag” item in the “edit” menu which is attached to all FB content in the new Facebook design. They should add a second level to identify the content as spam or inappropriate content.
2. Send an email to every user discussing the situation and asking for help from the community to catch the bad guys.
3. Give Max Kelly more resources.
SPAM in my Facebook inbox.


SPAM in my Facebook News Feed.

Update 8/23/08: Changed the title from “Is F8…” to “Is the Facebook Platform…” to correct the title as F8 refers to Facebook’s developer conference rather than their platform. Thanks to Ryan Waggoner for the correction.
8 Comments
August 24, 2008 at 3:48 am
Maybe this is how Facebook is monetizing the site? How else are they gonna justify $15B valuation??
August 24, 2008 at 5:04 am
F8 is Facebook’s developer conference, not their platform.
August 24, 2008 at 5:06 am
Good point Ryan. Corrected the title. Thanks.
August 24, 2008 at 4:26 pm
You might be able to figure out if it's a virus or phishing by polling the affected people about what kind of computer they use. I know Bonforte is at Xobni so he probably has to use Windows.
August 25, 2008 at 10:27 am
Hi,
I saw and received a ton of new spam from friends on Facebook whose accounts have been hijacked. I went on one of the phishing sites and was amazed at how similar it looks to Facebook, but now I have advised my friends to change their spam filters to Abaca’s Email Protection Gateway as it blocked Replica watches spam mails, Subpoena Phishing mails and many more.
August 25, 2008 at 5:43 pm
How about the phishing warnings when people are logging onto their apps? I’ve gotten this from Nations and Bumper Sticker. Log in and your security software tells you it’s a “known phishing page”. Seriously, this concerns me. I thought maybe my security was just on the fritz, but someone else I know on FB has been having the same problem.