Infected Computers Used in New Facebook Spam Attack

Computers infected with a piece of malware that hijacks Facebook accounts are used in a new and aggressive spam campaign on the social networking website.

According to security researchers from F-Secure, the spam messages posted from compromised accounts promote a video sharing website and read:

"Free Tube Hub - Your Daily Source of Uploaded Tube Movies! Fine tube hub is the awesome collection of best tube videos, free movies and streaming Clips. Our hub brings free full length videos with most hottest sexy girls :P"

The links included in the messages point to over 21 different domain names hosted on a server which contains a redirect script leading to a rogue .in website.

F-Secure security advisor Sean Sullivan told us this is the same infrastructure used last week in the "IMF boss" Facebook attack that distributed Mac and Windows scareware.

In addition to rogue applications, that attack also distributed a trojan component as a Flash Player update which hijacks the Facebook accounts of people using the infected computers.

It's not clear if the same malware is distributed in this new attack, because the script keeps track of visiting IP addresses and only lets new ones through.

Chances are there is a similar malware component to this attack so users are strongly encouraged to refuse any download offered by the rogue pages. In fact, they shouldn't click on the spam links in the first place.

One issue is Facebook's ability to respond to these attacks. The previous one remained live for almost 48 hours and this one is already going on for over 24.

"Facebook has a problem. To block these types of attacks, they'll need to suspend the profiles of infected users. But how to inform the user as to which computer is infected?" Sean Sullivan asks.

The techniques used in this attack are reminiscent of the notorious Koobface social networking worm which stopped spreading on Facebook site since the beginning of this year.