More security threats hit Facebook

Facebook faces more trouble this week, as security threats make their way across the social networking site.

The latest is a variant of the Koobface worm, which targets all the major social networking sites, including Facebook.

Rik Ferguson, a security researcher from Trend Micro, explained in a blog post that he received a message via Facebook, directing him to a video. "The link had taken me to a site supposedly hosting a video posted by the same person that I had received the Facebook message from," he said.

"In fact not only was the malicious landing page displaying his name, it had also pulled the photo from his Facebook profile. A very neat little piece of social engineering."

The site prompts visitors to download a setup.exe file, which in fact holds the Koobface worm. "The worm connects to a respective site using login credentials stored in the gathered cookies," Ferguson explained. "It then searches for an infected user's friends, who are then sent messages containing a link where a copy of the worm is downloaded."

Ferguson warned users "to ignore such messages, and refrain from clicking links in unsolicited messages, even out of curiosity."

The worm follows previous security woes over the past week, including a pair of rogue applications which sent an error message to users of the site. The site also made headlines after changing its terms.

Rob Cotton, chief executive of NCC Group, said users of such sites need to learn to be wary. "The friendly, open nature of social media sites such as Facebook makes them easy targets for hackers as users are very trusting of the content."

"As web 2.0 applications become more mainstream, it is vital that people start to ask questions about where the content and applications are coming from," Cotton added. "We are all careful now about shredding our personal post at home, but we are dangerously unaware of the information we are handing out to online criminals."

Click here to read five Facebook surprises.