Facebook has had a very bad week. Four different apps have popped up, trying to phish people's usernames and passwords (not that it's necessary in many cases, as Sarah Palin found out during the election and Paris Hilton found out long ago). And now, there's a new variant of the Koobface worm running around. A link to a fake YouTube video sends computers to a remote site where fake codec trojans are installed, and that autoinstalls the worm (oh, THAT'S a new trick). It then scours social networking cookies and makes a DNS query to check IP addresses that correspond to remote domains. Those servers then send and receive information about the machine and the machine is RPC'ed. With the information stored in the cookies, the worm searches for the friends list. Once found, it sends an HTTP POST request, sending a message to the friend with the bogus link to infect their machine. Obviously, the purpose is to create a botnet. An earlier version of this has already bounced through MySpace.
Those of you that know me know what I'm going to say next -- this wouldn't happen if they ran Linux.
It's actually interesting, because it is sidestepping e-mail security. Suspicious e-mails or strange links? People have learned to think twice before opening them or clicking them. But on a social networking site? There's a little less caution. The self-defense advice is the standard: keep your AV up to date, don't click on strange links, don't install codecs from questionable sources, blah blah blah. Happy networking, kids!