11.10.10

New Facebook Worm Posts Updates Automatically Infecting Friends

Here is a story from a victim of a new Facebook worm:

'I just got an update on Facebook from a friend asking what I was doing in a video they saw.  I clicked on the link and discovered I needed to login again to Facebook again…  Huh, that’s odd I thought as I typed my username and password again.  And just as I was pressing the enter key, that voice in my head went off and I realized I didn’t check the URL on the link.  Sure enough, the site I just logged into was NOT Facebook.com even though it looked just like Facebook.  Crisis mode…

I quickly jumped back into my REAL Facebook account and checked who else received my friends “message”.  Sure enough, the same message was being posted to every one of her friends obviously through an automated worm which I probably just picked up. I just fell victim to a classic Phishing attack.'

To avoid this happening to you DO NOT follow this link, if you see this message or anything close to it, simply delete the post so no one else will click it either. Next you should email the person who you got this from to let them know their account was compromised. It’s important to let them know because they’ll need to get rid of the culprit.

If you do get infected do this:

Step 1  - Login to your Facebook account and go to Account | Application Settings

Step 2 – Confirm you have the following two applications:

coma estas
Veoh Videos

Step 3 – Go to the little x on the right side and delete both the applications.

Once you delete those two applications your auto updates/posts should stop right away. I also highly recommend you change your password immediatly since they collected it earlier.

These types of things will most likely get worse in the future so we need to always be aware of what we’re agreeing to or signing up for when allowing applications to access our Facebook account.