Security Bytes

Nov 23 2009   2:12PM GMT

New Facebook worm uses sexy model to get guys to click da’ button

Robert Westervelt


Facebook worm uses a cross-site request forgery attack to spread via the victim’s wall posting.

Israeli security researcher Gadi Evron and AVG researcher Nick Fitzgerald are reporting a new Facebook worm that uses a suggestive picture of a scantily clad woman to spread on the social network.

The picture includes a button and the phrase “Click da’ button, baby!” Once a Facebook user clicks the malicious link, they are taken to an attack website's landing page, which automatically updates and copies the victim’s Facebook wall with the malicious link. It also copies the wall.

In a blog posting, Evron said he stumbled across the Facebook attack after he was tricked by a posting of the link on a friend’s Facebook wall.

“This shows that even experts can become complacent and trust systems when they really shouldn’t. It’s a good reminder for me to be more careful with social networks, which for some reason I have grown used to trusting more, without even noticing it happen!”

Fitzgerald wrote that the worm uses a cross-site request forgery (CSRF) attack “resulting in a form submission to Facebook ‘as if’ the victim had submitted a URL for a wall post and clicked on the ‘Share’ button to confirm the post.”
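
One way a server can refuse the kind of forged form submission Fitzgerald describes, as an added example that is not from the original post or from Facebook's code: a wall-post handler that requires a same-site Origin and a session-bound token. The origin `https://social.example`, the function names and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumptions (hypothetical): the site's origin and a server-side token secret.
SITE_ORIGIN = "https://social.example"
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the session; embedded in the genuine share form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(headers: dict) -> bool:
    """Accept only requests whose Origin (or Referer) is the site itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # state-changing request with no provenance: reject
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def allow_wall_post(request: dict) -> bool:
    """Decide whether a POST that shares a URL to the wall may proceed."""
    if request["method"] != "POST" or not same_origin(request["headers"]):
        return False
    expected = issue_csrf_token(request["session_id"])
    supplied = request["form"].get("csrf_token", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())


# Constructed sample requests. Both carry the victim's session, because the
# browser attaches the cookie automatically; only provenance and token differ.
SESSION = "constructed-session-id"
genuine = {
    "method": "POST", "session_id": SESSION,
    "headers": {"Origin": SITE_ORIGIN},
    "form": {"url": "https://news.example/story", "csrf_token": issue_csrf_token(SESSION)},
}
forged = {
    "method": "POST", "session_id": SESSION,
    "headers": {"Origin": "https://landing.example"},
    "form": {"url": "https://landing.example/"},
}

if __name__ == "__main__":
    print("genuine:", allow_wall_post(genuine), "forged:", allow_wall_post(forged))
```

The session cookie alone proves nothing about who composed the request, which is why the handler checks the token and the Origin before posting to the wall.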
