There may be a new worm on Facebook today. Unfortunately I don’t yet have enough data to be conclusive. A friend received an IM from a friend on Facebook that said
“Hey i just made myself a cartoon omg lol ill show you but you gotta do urs too”
The IM also included a link which leads to a web site that claims to allow you to upload a picture and it will turn it into a cartoon for a fee. While my friend did not click on the link, his friend did not send the IM, but did click on the same message when he got it from a friend.
Now it would be really great to report this to Facebook, and I did because I have a contact, but for the average user this would be really hard to report as there is no clear and easy to find “report a security problem” mechanism on the Facebook website
Facebook is investigating. At the very least this is an IM spam attack, but it isn’t clear if it is in conjunction with a worm. Regardless, never click blindly on a link a friend sends you. Always exchange a message or two and ask if they really did send you the link. If they say “no” then you know it is a problem.
Randy Abrams
Director of Technical Education
ESET LLC
