Facebook Users Duped By Link Spam Attack

Researchers at Fortinet recently discovered that this time the attackers are posting deceptive messages on the social networking site's "wall" feature. During the attack, the spammers spoof user profiles in order to lure them to linking to online "pharmacy" shops and other phishing sites.

"The whole purpose of spamvertising is money," said Derek Manky, senior research engineer at Fortinet. "More people get paid out and that's the ultimate goal."

During the attack, Facebook users will be enticed to click on a link from someone on their contact list -- not realizing that their friends' profile has been hijacked. Once they open the link, users will then be asked to submit login credentials.

However, instead of being used for legitimate purposes, the credentials sent to the spammers, which can then be used to access and spoof copious accounts in subsequent phishing attacks.

"Users are starting to become more educated," said Manky. "If it's a trusted source, they're more likely to follow that link that's presented to them."

Experts say that they haven't yet pinpointed exactly how the attackers were first able to access the accounts, but say that it is possible that attackers initially hijacked them through a phishing attack.

Other methods include installing a banking Trojan or a keystroke logger that was downloaded through a malicious file or Website to harvest information.

While these kinds of spam traps have already made their place on MySpace, they have been relatively uncommon on Facebook thus far.

"We haven't seen a lot of movement yet [on social networking sites]," said Manky. "I think it's going to become very popular. The end goal is to get as much traffic as possible. The next generation of users may not be as tech savvy or aware using these sites."

Experts say that the new trend of targeting social networking sites is similar to other tactics they've seen in the past, where attackers post misleading links to spamvertised sites on blogs and other forums.

Researchers maintain that Facebook, and other social networking site users should be wary of messages that entice them to access strange links, even if the message is coming from a seemingly trusted source.

Fortinet researchers said they had already contacted Facebook regarding the attack. Facebook did not immediately return communication from ChannelWeb.com.

So far, experts say that the spamvertising does not appear to be malicious, but contend that will likely change as phishing attacks on social networking sites become more prevalent.

"It further highlights the point that once it starts happening, it's only a matter of time before malware is distributed through social networking sites," said Manky. "Attacks on the Web are a favorite as an attack vector and it's going to be natural for them to evolve to social networking sites."