Talk about a field day for hackers. Any Web application with almost 500 million users is going to be a rich target. Facebook has experienced an upsurge of attacks since 2008 thanks to the Koobface virus.
Koobface, an anagram of Facebook, achieved rapid success by spoofing the profiles of existing users and then sending malware attacks to everyone on the users' contact list, aiming to steal personal and financial data such as credit card numbers, login credentials and other personal account information. Infected Koobface links were also used to direct users to fraudulent Facebook login sites, prompting them to re-enter their login credentials. The site was in actuality a spoofed page, designed to steal login information which would be used by the hackers for identity theft purposes and to send spam soliciting fake pharmaceuticals and other merchandise. The attack then incorporated the victims' computers in a malicious botnet, operated by a command and control center.
Koobface is alive and thriving today, continuing to spread Trojan horses and other malware to unsuspecting users on Facebook, as well as MySpace, bebo and other social networking sites. And, not surprisingly, security experts contend that it is one of the most prevalent pieces of malware on the Internet.