CNET también está disponible en español.

Ir a español

Don't show this again


Phished Facebook accounts pass along malware

Facebook users are hit by a second phase of phishing attacks from last week, but this time the spam link leads to a site hosting malware instead of stealing passwords.

At least one Facebook account that was hijacked in phishing attacks last week was used to send out spam directing people to a malware site, according to the social-networking company.

Some Facebook users reported receiving messages on Thursday that said "look at" and contained a link leading to a site that appeared to be hosting adware, said Facebook spokesman Barry Schnitt. Adware is software that automatically displays or plays ads on a computer once it has been installed and can be used to spy on computers.

"We think it's adware," Schnitt said. "It doesn't appear to be self-propagating. We are still investigating."

The malware Web site was offline by late morning Pacific time and any messages on Facebook containing the link had been removed, he said.

The spam attack is believed to be the second stage of two related phishing attacks that happened last week. In those attacks, Facebook users received messages from friends urging them to "check this out" and including a link to "FBStarter" or "FBAction" Web pages. The pages appeared to be Facebook log-in pages, but were fake sites designed to steal usernames and passwords.

"It appears that the spammer has bided his time a little bit," Schnitt said in reference to the week between the spam attacks.

Facebook reset the passwords of members whose accounts were used to distribute the spam last week, but apparently the phishers were able to get control of at least one of the affected accounts before that could happen. Those hijacked accounts were then used to send the spam on Thursday.

People who received the latest spam and clicked on the link it contained should run an antivirus scanner on their computers to make sure there is no malware on them, Schnitt said.

People who had clicked on the link in last week's phishing attacks should reset their passwords if they haven't already done so.