Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 5th, 2008

Facebook And Myspace Are Being Link Spammed

Spammers have found a fertile new marketplace on social networking sites such as Facebook and MySpace. Fortinet, a security research group warns about hijacked Facebook accounts posting deceptive messages on Wall.
Like most social networking sites, Facebook has a “Wall” feature, allowing users to post comments on friends’ profiles. This is currently being exploited by spammers to post deceptive messages, linking to typical spam sites such as (but perhaps not limited to) online “pharmacy” shops.

Spammers are using genuine users profiles to disseminate these messages and are buying or ‘renting’ these identities from online thieves. Account of a user who was verified to not be a spammer getting hijacked by identity thieves. It involves phishing attacks, deceptive messages that attempt to trick users into handing over their login credentials to hackers. A phishing worm was spotted spreading on Facebook earlier this year and both incidents may be related.

The Fortinet Global Security Research Team advises social networking site users to be wary of phishing attempts: when confronted by a login page or upon clicking a link contained in a friend’s message, carefully check the login page URL. Legitimate login pages are hosted on the original social site domain (here,, while rogue login pages cannot be. Mental tricks may sometimes be utilized to trap users, for example,,,, etc.), as it is frequently the case in phishing schemes.

Please note that although this has been rarely seen on Facebook so far, it is fairly common on MySpace. One of the spammed links has been confirmed to resolve to a web host that also serves content for several pill pushing sites, involved in a criminal fraud ring. Included in this ring are pharmacies from Canada.

Spambots on MySpam have recently begun using more sophisticated techniques, net security firm Websense reports. Malformed profiles are created in such a way that they hide all of the real MySpace profile areas. Surfers clicking on these expecting to view pictures or messages are instead met with content from spammed sites or worse.

This technique can easily be adapted for malicious purposes, such as drive-by installers, MySpace phishing, and so on. MySpace has a built-in security feature to catch form submissions to other sites. However, it seems to be reliant on a ‘Submit’ button being present to trigger the form. Having the warning there is a good, proactive security measure, but if the warning is bypassed, then it does no good.

Beyond that, wall posts containing links must be handled with care. While hijacked accounts have not been proved to be utilized for anything beyond posting relatively innocuous spam, it is not a stretch to think that links to drive-by-install malicious sites could be injected at some point. Following links contained in wall posts is therefore not recommended.

Share this item with others:

More on CyberInsecure:
  • MySpace And Facebook Users Targeted By New Worms
  • Facebook, MySpace Backdoor Exposed User Accounts
  • Facebook Agrees To Permanently Deploy Child-Safety Measures
  • Facebook Attacked By Viral Social Networking Spam From China
  • Social Networks Information Sharing Flaw Exposes Private MySpace Users Photos

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Facebook And Myspace Are Being Link Spammed

    One Response to “Facebook And Myspace Are Being Link Spammed”

    1. Crazy, my friend showed me on his cell phone tonight as he was spammed.

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.