Facebook Watcher

New Facebook attack are once again in the news, this time was discovered by Unified Threat Management vendor Fortinet. In particular, this security warning came from Fortinet, in a FortiGuard Advisory (FGA-2008-26), said that Facebook users who click on the URL links found in their message inbox in order to watch video, and the URL links which point to a Google Reader shared items site or Google Picasa site, may be at big risk for an attack.

This is mainly because for the Facebook users to view video on this Google Reader or Picasa site, they are prompted to install a special codec which contains Trojan. The codec itself is nothing but a Trojan, will load various malware pieces, as well as a copy of worm.

Although it’s not clear what impact this Trojan has on your system at this point, whether the anti-virus program installed is capable in protecting your system. However, Facebook users are advised not to download any codec when they’re social networking in Facebook.

[via PC World]

I just came across an article that entitled, “Pizza Hut To Spam Facebook Users.” To me, this article is quite interesting, especially it talked about when a user installs the Pizza Hut Facebook application called Pizza Hut Interface, whenever she ordered a pizza from Pizza Hut through this application in Facebook, her friends would get to know which pizza she ordered through a tiny notification appeared on their Facebook profiles.

Is this an act of Facebook application spam? How about the notification itself offers nothing about your own interest, for example, XXX accepted your friend request, or XXX wrote on your Wall, but something that do with Pizza Hut products, a food that it might not suit your taste in the first place.

At the time of my writing, there are over 600 monthly active users for this application. If you do not want your Facebook friends to know which type of pizza you’ve ordered, you simply can order it over the phone, don’t install this application.

Most recently, there are two (2) Facebook forge sites, with the URL FaceUbook.com and Faceiibook.com appeared on the Web. The domain URL’s landing page design is the same as Facebook new design, respectively, which made some users mistakenly typed in their IDs and passwords onto these two forge sites.

The URL links of these two forge sites are mostly came from emails into some Facebook users’ Inbox in the format as follows:

Hey! you have a Crush waiting for you on your Facebook!! See here!

hey! somebody wrote something about you in their blog here members.aol.com/hottyblogy54354

While I clicked on the above AOL blog page, it seems AOL is aware of this spam message and deleted this hottyblogy54354 page. The URL links of the messages aforesaid are touting people to sign-in their Facebook accounts, so that their personal information will be leaked to the forger, whom believed is from China with the following email, i.e. lizhilin_lizhilin1@126.com, according to the whois record of faceiibook.com and faceubook.com.

First thing first, never ever log on to Facebook using any external URL link other than www.facebook.com that sent via IM or email. “Facebook Users, Beware of the Fake Hubs.”