A nasty Twitter worm that attacked thousands of users last week moved over to Facebook over the weekend.

The rofl worm sent Twitter users direct messages saying "rofl this you on here?" next to a link that takes the user to a fake Twitter login page, designed to steal usernames and passwords.

Similar links started appearing on people's Facebook profiles late last week, with the words "lmao! I cant stop laughing at this pic".

Graham Cluley, senior technology consultant at security firm Sophos, said the people behind the attacks know computer users are more likely to click on a link posted by what appears to be their online friends. This makes it easier to launch financially motivated attacks, he said in his blog.

Rik Ferguson, senior security advisor at Trend Micro, said the server hosting the fake page has been taken down, so it's impossible to tell if it was malware or simply phishing.

But he added, "The phishing page itself is no longer active, but anyone who gave away their credentials remains in danger of compromise until they change their password."