Facebook's 120 million users are being targeted by a virus dubbed "Koobface" that uses the social network's messaging system to infect PCs, then tries to gather sensitive information such as credit card numbers.
It is the latest attack by hackers increasingly looking to prey on users of social networking sites.
"A few other viruses have tried to use Facebook in similar ways to propagate themselves," Facebook spokesman Barry Schnitt said in an e-mail. He said a "very small percentage of users" had been affected by these viruses.
"It is on the rise, relative to other threats like e-mails," said Craig Schmugar, a researcher with McAfee Inc.
Koobface spreads by sending notes to friends of someone whose PC has been infected. The messages, with subject headers like, "You look just awesome in this new movie," direct recipients to a website where they are asked to download what it claims is an update of Adobe Systems Inc's Flash player.
If they download the software, users end up with an infected computer, which then takes users to contaminated sites when they try to use search engines from Google, Yahoo, MSN and Live.com, according McAfee.
McAfee warned in a blog entry on Wednesday that its researchers had discovered that Koobface was making the rounds on Facebook.
Facebook requires senders of messages within the network to be members and hides user data from people who do not have accounts, said Chris Boyd, a researcher with FaceTime Security Labs. Because of that, users tend to be far less suspicious of messages they receive in the network.
"People tend to let their guard down. They think you've got to log in with an account, so there is no way that worms and other viruses could infect them," Boyd said.
Social network MySpace, owned by News Corp, was hit by a version of Koobface in August and used security technology to eradicate it, according to a company spokeswoman. The virus has not cropped up since then, she said.
Privately held Facebook has told members to delete contaminated e-mails and has posted directions at www.facebook.com/security on how to clean infected computers.
Richard Larmer, chief executive of RLM Public Relations in New York, said he threw out his PC after it became infected by Koobface, which downloaded malicious software onto his PC. It was really bad. It destroyed my computer," he said.
McAfee has not yet identified the perpetrators behind Koobface, who are improving the malicious software behind the virus in a bid to outsmart security at Facebook and MySpace.
"The people behind it are updating it, refining it, adding new functionalities," said McAfee's Schmugar.
(Reporting by Jim Finkle, Additional reporting by Emily Kaiser; Editing by Toni Reinhold) This service is not intended to encourage spam. The details provided by your colleague have been used for the sole purpose of facilitating this email communication and have not been retained by Thomson Reuters. Your personal details have not been added to any database or mailing list.
If you would like to receive news articles delivered to your email address, please subscribe at www.reuters.com/newsmails © Copyright Thomson Reuters 2008 All rights reserved. Users may download and print extracts of content from this website for their own personal and non-commercial use only. Republication or redistribution of Thomson Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Thomson Reuters. Thomson Reuters and its logo are registered trademarks or trademarks of the Thomson Reuters group of companies around the world.
Quotes and other data are provided for your personal information only, and are not intended for trading purposes. Thomson Reuters and its data providers shall not be liable for any errors or delays in the quotes or other data, or for any actions taken in reliance thereon.