Social network Facebook plagued with new worm threat

The CSRF Worm advertises itself as a product of the skin trade. It posts an image of a near-naked woman appears on a user's wall alongside all the other legitimate activities of that person's friends. Embedded in the image is a link, bracketed by the text: "Want 2 C Something Hot?" and "Click da' button, baby."

Clicking the button brings up a full-screen version of the image, and clicking again navigates the user to a pornographic Web site.

"The worm's objective, of course, is that others viewing the victim's wall will click the link, and as they are logged into Facebook, the worm will propagate its link to that victim's wall, and so on," AVG researcher Nick FitzGerald wrote in a blog post this morning explaining the vulnerability.

"Users who've been affected are put through a remediation process so they can reset their password and take other necessary steps to secure their accounts," Facebook spokesman Simon Axten said.

"To combat these threats, however, we need users' help too," he added. Axten encouraged users to be mindful of standard safe-surfing best practices, such as keeping up with browser updates, choosing secure passwords and not clicking on strange links. He also appealed for Facebook users to become fans of the company's security page, which offers guidelines and regular updates for staying safe from such attacks.