Apr 4, 2011 09:13 GMT

A new Facebook scam is luring users to participate in surveys and install rogue apps by promising them the ability to count profile views by gender.

According to security researchers from Sophos who spotted the attack, the spam messages unknowingly spread by victims read: "AMAZING! My Facebook wass has been visited #### times. Boy views: ###. Girl views: ####. Check yours @: [LINK]" (where # is a digit).

The first exclamation changes between "shocking", "wow" and "amazing" in an attempt to introduce more variety to the attack and make it harder to detect.
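A detection sketch for the message template described above, added here as an example and not taken from Sophos or the original article: it keys on the fixed structure of the lure rather than on the rotating opening word. The sample posts, the `example.invalid` links and the three-of-four threshold are constructed assumptions.

```python
import re
import unicodedata

# Invariant parts of the lure. The opening exclamation ("shocking", "wow",
# "amazing") is deliberately left out of the signature because it rotates.
SIGNATURE = (
    ("visits", re.compile(r"\bhas been visited\s+\d[\d,]*\s+times\b")),
    ("boys", re.compile(r"\bboy views\s*:\s*\d[\d,]*")),
    ("girls", re.compile(r"\bgirl views\s*:\s*\d[\d,]*")),
    ("link", re.compile(r"\bcheck yours\b[^a-z0-9]*(https?://\S+)")),
)
THRESHOLD = 3  # assumption: tolerate one altered or missing field


def normalize(text):
    """Fold case, compatibility characters and whitespace runs."""
    text = unicodedata.normalize("NFKC", text).lower()
    return re.sub(r"\s+", " ", text).strip()


def classify(post):
    """Report which invariant fields a wall post contains and the verdict."""
    text = normalize(post)
    hits = {name: rx.search(text) for name, rx in SIGNATURE}
    matched = [name for name, m in hits.items() if m]
    return {
        "is_lure": len(matched) >= THRESHOLD,
        "matched": matched,
        "link": hits["link"].group(1) if hits["link"] else None,
    }


# Constructed sample posts (not captured from real accounts).
SAMPLES = [
    "AMAZING! My Facebook profile has been visited 8735 times. "
    "Boy views: 456. Girl views: 8279. Check yours @: http://example.invalid/app",
    "WOW!  my facebook profile has been visited 1,204 times.\n"
    "Boy views: 200.  Girl views: 1,004. Check yours @: http://example.invalid/x",
    # Opening word not on the known list, link stripped by a filter.
    "OMG! My Facebook profile has been visited 77 times. Boy views: 7. Girl views: 70.",
    # Benign post that shares one phrase with the lure.
    "Our team page has been visited 5000 times this month, thanks everyone!",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(classify(post))
```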

Clicking on the link takes users to a rogue Facebook app that asks for access to post on their walls. If installed, the app starts sending spam from the victim's account without their knowledge.

"The scammers have created a variety of different rogue applications that they are using in this particular scam," warns Graham Cluley, senior technology consultant at Sophos.

"Facebook, sadly, doesn't adequately verify the people who create apps so you're playing Russian Roulette when you allow a complete stranger this level of access to your Facebook page," he adds.

Unfortunate users who end up installing the rogue app get redirected to a page that displays partial information about who viewed their profile and how many times.

However, the page is blocked by a dialog window that asks users to participate in a survey before being allowed to view the complete data.

These surveys are part of affiliate marketing scams that earn attackers money. In addition, some of them try to deceptively sign up users to premium rate mobile services.

In the end there is no data to be shown because this kind of feature has major privacy implications and is not available on Facebook.

People who fall victim to this scam should go to Account > Privacy Settings > Applications and Websites and remove the rogue app. They should also clean the spam messages from their walls.