May 15, 2011

Facebook fixes bug, but 'Nicole Santos' hoax lives


Facebook has fixed a bug that allowed malware to take over accounts and spread overnight, but the "Nicole Santos" hoax has turned into a viral sensation.
The hoax was evident on pages littered with wall posts that use profanity and urge people to "vote for Nicole Santos." The posts say that the only way to remove them is to disable them by clicking a "remove this app" link below the post. Doing so allows the malicious code to access your Facebook account and post the hoax to your friends' pages.
"This spam was spread by a vulnerability in our code and we worked quickly to resolve this matter," Facebook said in a statement today. "The bug caused a small number of spam comments to be posted to users' walls, and we are in the process of cleaning up any spam it may have caused."
Basically, the vulnerability allowed people to post malicious code in comments, where it was treated as a URL and allowed to spread. According to Facebook, the bug improperly allowed a specific category of URLs (javascript: URLs). The company is removing the posts from users' pages, but the malware continues to spread when people click on the links.
Users should not click on the links, or on any circulating links that require people to "'Verify you account to prevent spam,' as this may be how the hack gains access to your Facebook wall in the first place," reports The Next Web. "Simply block the friend sending it to you as their account is now compromised. Once the problem has been fixed by Facebook you can re-enable them."
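The class of bug described above, javascript: URLs being accepted as links in comments, is usually closed with a scheme allowlist rather than a blocklist. The following is an added example, not Facebook's code: every function name is hypothetical and the sample inputs are constructed and inert.

```javascript
// Added example. All names are hypothetical; sample inputs are constructed.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Weak pattern: reject one literal prefix, accept everything else.
function naiveIsLinkable(href) {
  return !href.startsWith("javascript:");
}

// Hardened pattern: let the WHATWG URL parser normalise the input the way a
// browser would (case-folds the scheme, strips surrounding whitespace and
// embedded tabs/newlines), then allow only explicitly listed schemes.
function safeHref(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null; // not an absolute URL: never auto-link it
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// Render one comment token: a link only if its scheme is allowed,
// otherwise plain escaped text.
function renderToken(raw) {
  const href = safeHref(raw);
  const text = escapeHtml(raw);
  return href === null
    ? text
    : `<a href="${escapeHtml(href)}" rel="nofollow noopener">${text}</a>`;
}

// Constructed samples: one ordinary link, then scheme spellings a prefix check misses.
const SAMPLES = ["https://example.com/page?a=1", "javascript:void(0)",
  "JaVaScRiPt:void(0)", " javascript:void(0)", "java\tscript:void(0)",
  "data:text/plain,hello"];

function compare() {
  return SAMPLES.map((s) => ({
    input: s, naive: naiveIsLinkable(s), hardened: safeHref(s) !== null }));
}

console.log(compare());
```

The prefix check passes four of the five non-web samples, while the allowlist links only the https: URL.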
