Survey stuff worm spreads across Facebook

Graham Cluley

Have you seen messages like these being posted by your Facebook friends?

I thought this survey stuff was GARBAGE but i just went on a shopping spree at walmart thanks to FB = <link> , this wont last long so gooo!

I thought this survey stuff was BULL** but i swear I just used the Best Buy giftcard they sent me here <link> to buy a laptop!

I’ve removed the links from the above examples, but they point to Facebook applications.

Survey scam messages

In the examples I’ve seen, the messages have one thing beyond their wording in common – they’re all posted “via Mobile Web”, suggesting that the posts (which weren’t made by your friends, just in case you were still in any doubt) may be using a common vulnerability.

What’s interesting is that the application’s name seems to change each time. That obviously makes it harder to tell users what to look out for, but potentially could also make it more tricky for Facebook’s security team to shut down.

Facebook’s security team may already be on to it – all of the links I have clicked on so far have been blocked (no, I’m not suggesting you try it at home, folks). But if there is an unpatched vulnerability which scammers are exploiting, it’s possible we might see a renewed attack wearing a different disguise in the near future.

What’s worrying is that our friends at All Facebook report that the worm can automatically post to your wall and message your friends – helping it to spread virally.

This has been confirmed by one of my colleagues at Sophos – who sent me the following message after one of his online friends was hit in the attack:

"There IS a vulnerability... You click on the link and it automatically adds the app into your apps profile. And it automatically reposts a status (with another random link). Spent an hour checking my friends... and my own apps settings."

Survey worm discussion

Be on your guard against suspicious posts made by your Facebook friends, and if you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky and Mastodon, or drop him an email.
