Facebook users are being hit by a survey scam which is spreading virally across the social network, warns security firm Sophos.
Messages claiming to share other users' first-ever Facebook status updates are being posted on users' walls by a rogue application.
Typical posts read: "My 1st St@tus was: '[random message]'. This was posted on [random date] Find your 1st St@tus @ [LINK]"
If users click on this link, which appears to be posted by a Facebook friend, they are taken to a rogue Facebook application. This application will then ask users to give it permission to access their profile. This gives the rogue application the ability to post the same message from the affected account.
Users are also taken to a webpage which contains a survey. Those behind the scam make commission from the number of people completing this survey and in some cases, Facebook users might also be asked for their mobile phone numbers in order to sign them up for an expensive, premium-rate service.
"Sadly, many people are all too quick to give permission to rogue applications like this, giving the bad guys free reign of their Facebook account," said Graham Cluley, senior technology consultant at Sophos.
"If users allow these applications to access their profiles, they may well find that the application has posted a message on their Facebook page, which is visible to all of their online friends, helping to spread the scam further," he said.
Cluley deliberately infected a test account with this application. "It didn't even get my first status or the date correct, but unfortunately, by the time users realise this, they will already have helped the scammers by spreading the message across their network," he said.
Facebook users who have been affected, said Cluley, should delete references to this scam from their wall, to avoid sharing it further with their online friends.
Video: Graham Cluley of Sophos explains how to clean up an affected Facebook account
This was first published in January 2011