Sophos Warns Of Facebook Dislike Button Scam

In a Monday blog post, Graham Cluley, senior technology consultant at Sophos, said the scam invites users to click on a link embedded in one of their Facebook friend's updates.

By clicking the link, the user gives a rogue Facebook application permission to access their profile, which then begins propagating itself to other Facebook users.

"If you do give the app permission to run, it silently updates your Facebook status to promote the link that tricked you in the first place, thus spreading the message virally to your Facebook friends and online contacts," Cluley said in the blog post.

Before being taken to the page with the dislike button add-on, the scam instructs users to fill out an online survey, which generates additional revenue for the scammers, according to Cluley. Once this is completed, the user is taken to the download page for the dislike button, a Firefox browser plug-in developed by FaceMod.

Although the scam uses FaceMod's plug-in as bait, the developer doesn't appear to be involved in the scam, Cluely said, adding that users should download the dislike button plug-in it directly from the Firefox Add-ons webpage to avoid problems.

Miscreants are finding Facebook to be an effective platform for spreading malware, and in June the social networking site was hit with a "clickjacking" worm that spread malware to hundreds of thousands of users. That attack used a malicious link posing as the Facebook "like" button to deliver the malware.

Security experts have been calling on Facebook to institute better security controls around the "like" feature, and in the wake of the June attack Cluley echoed this message in a blog post.

"It's clear that Facebook needs to tighten the way it handles the "liking' of external Web pages before it is even more widely abused by malicious hackers and spammers," he said in the blog post.