Facebook scammers are at it again.
On Wednesday, users of the popular social networking site were attacked by yet another phishing virus attempting to harvest their e-mail addresses and passwords.
Prompted by a Facebook message sent from a friend's account, users are sent to "areps.at," "best.at," "brunga.at" and "kirgo.at" -- Web sites constructed to mirror Facebook's log-in page. Thinking they're on a Facebook-related site, users enter their e-mail addresses and passwords.
But once the menacing program has this information, it perpetuates the scam by hacking into users' accounts and sending their friends a message, simply labeled "Hello," that contains the link. In late April, two similar viruses, FBAction.net and FBStarter.net, attacked Facebook.
It's difficult to assess how many accounts have been infected by the virus, and Facebook declined to disclose the information, but as of Thursday evening, "brunga.at" and "areps.at" topped the list of hottest Google search terms.
"The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a percent of users," Facebook spokesman Barry Schnitt told ABCNews.com in an e-mail. "We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly. Our technical efforts and user education initiatives are significantly reducing the impact of each subsequent attack."
He said the social networking site had blocked links to the questionable sites from being shared on Facebook and had added them to the list of sites blacklisted by major browsers. The company also is cleaning up phony messages and wall posts and resetting the passwords of affected users.
Although the motivations of the people behind the attack are unknown, Facebook is an appealing target for spammers because users store so much personal information on it. In addition to names and e-mail addresses, some people keep their birthdays, addresses and telephone numbers. Once hackers have that information, they can sell it to others on a black market.
Users should be cautious of Facebook messages that look suspicious or require an additional login. Those who have entered their information on these fraudulent sites should change their passwords. Facebook also encourages members to visit its Facebook Security Page for updates on new threats.
Justin Smith, editor of InsideFacebook.com, said it's difficult to know how many people are infected by attacks like this. But in the past, he added, Facebook has said about 1 percent of users are affected by spam attacks. That's a small percentage, to be sure, but still a significant chunk of people when you consider that the site has more than 200 million users.
Facebook, he said, invests significant time and resources in fighting hackers, but it can only do so much.
"Attacks like these do illustrate one type of social networking security challenge that's likely to persist: They thrive off the fact that many people will always click on links in messages from friends, even if they seem out of the ordinary," he said.
This scam, like the others, steals passwords to propagate itself, he said. But it doesn't appear to abuse the compromised accounts any further than that.