PSA: Farmville used as bait in new "likejacking" scams


It seems some internet ne'er-do-wells are trying to capitalize on the popularity of Farmville to spread spam and unsolicited messages through unwary users' Facebook profiles.

The new Internet attack, referred to as "likejacking" in the security trade, takes advantage of a security hole in Facebook's relatively new ability to "like" any page on the web. Basically, the scam uses hidden JavaScript code to turn a harmless-looking link into an automatic, unsolicited post of HTML code to the clicker's Facebook News Feed. These malicious posts often contain advertising messages and/or additional links, which help the message spread further as friends click around their own News Feeds.

As the Sophos security blog reports, attackers are now using offers of "Free Farmville Secrets E-books" as the bait to attract the clicks necessary to activate the scam. Other popular bait subjects include Sex and the City 2, Shrek, BP, free gift cards, UFC and "sexy videos."

How can you protect yourself? Basically, the best way is to be careful about which links you click, and to monitor your personal wall posts for any unsolicited messages (you can delete them if you notice them). We hope Facebook will take steps to close this security hole soon, but until then, eternal vigilance is the price of liberty.
