In a blog post Tuesday afternoon, Symantec identified a weakness in Facebook’s API that groups are using to auto-post messages to Facebook users’ walls.

According to the blog post, a weak point in the social network’s mobile API exposes users to the worm. Anyone who is logged into Facebook and visits an infected site can pick up an element that posts a message to the user’s Facebook profile.

The worm is particularly popular in Indonesia.

“Just visiting an infected website is enough to post a message that the attacker has chosen,” Symantec’s Candid Wueest wrote. “Therefore it should be of no surprise that some of those messages are spreading very fast through Facebook. Some are posting links to infected websites, creating XSS worms that spread from user to user.”

Symantec has informed Facebook of the issue and said that the attack will work whether or not users have enabled SSL. The security company suggests that Facebook users log out of the site when it’s not in use or use security tools that block visits to infected sites.

(Post Co. Chairman and Chief Executive Donald E. Graham sits on Facebook’s board of directors, and the newspaper and many Post staffers use Facebook for marketing purposes.)

A survey released today by BitDefender, a maker of virus protection software, found that 87 percent of users recognize fishy posts (like the ones produced by this latest worm) but only 43 percent warn other users about them.

What do you do when you see a suspicious post on your friends’ walls? Do you tell them? Or do you ignore it?
