A nasty Twitter worm that attacked thousands of users last week moved to Facebook over the weekend.
The rofl worm sent Twitter users direct messages saying "rofl this you on here?" next to a link that takes the user to a fake Twitter login page, designed to steal usernames and passwords.
Similar links started appearing on people's Facebook profiles late last week, with the words "lmao! I cant stop laughing at this pic".
Graham Cluley, senior technology consultant at security firm Sophos, said the people behind the attacks know computer users are more likely to click on a link posted by what appears to be their online friends. This makes it easier to launch financially motivated attacks, he said in his blog.
Rik Ferguson, senior security advisor at Trend Micro, said the server hosting the fake page has been taken down, so it's impossible to tell if it was malware or simply phishing.
But he added, "The phishing page itself is no longer active, but anyone who gave away their credentials remains in danger of compromise until they change their password."