Facebook Continues to Fend Off Scammers

May 21, 2009— -- Facebook scammers are at it again.

On Wednesday, users of the popular social networking site were attacked by yet another phishing virus attempting to harvest their e-mail addresses and passwords.

Prompted by a Facebook message sent from a friend's account, users are sent to "areps.at," "best.at," "brunga.at" and "kirgo.at" -- Web sites constructed to mirror Facebook's log-in page. Thinking they're on a Facebook-related site, users enter their e-mail addresses and passwords.

But once the menacing program has this information, it perpetuates the scam by hacking into users' accounts and re-sending the link to their friends in a message simply labeled "Hello" that contains the link. In late April, two similar viruses, FBAction.net and FBStarter.net, attacked Facebook.

'Brunga.at' and 'Areps.at' Are Two of the Fraudulent URLs

Although it's difficult to assess how many accounts have been infected by the virus and Facebook declined to disclose the information, as of Thursday evening, "brunga.at" and "areps.at" topped the list of hottest Google search terms.

"The impact of this attack or the previous ones are not widespread and only impacted a tiny fraction of a percent of users," Facebook spokesman Barry Schnitt told ABCNews.com in an e-mail. "We've been updating our monitoring systems with information gleaned from the previous attacks so that each new attack is detected more quickly. Our technical efforts and user education initiatives are significantly reducing the impact of each subsequent attack."

He said the social networking site had blocked links to the questionable sites from being shared on Facebook and had added them to the list of sites blacklisted by major browsers. The company also is cleaning up phony messages and wall posts and resetting the passwords of affected users.

Although the motivations of the people behind the attack are unknown, Facebook is an appealing target for spammers because users store so much personal information on it. In addition to names and e-mail addresses, some people keep their birthdays, addresses and telephone numbers. Once hackers have that information, they can sell it to others on a black market.

Users should be cautious of Facebook messages that look suspicious or require an additional login. Those who have entered their information on these fraudulent sites should change their passwords. Facebook also encourages members to visit its Facebook Security Page for updates on new threats.

Phishing Viruses Thrive Off the Fact That People Trust Their Friends

Justin Smith, editor of InsideFacebook.com, said it's difficult to know how many people are infected by attacks like this. But in the past, he added, Facebook has said about 1 percent of users' are affected by spam attacks. That's a small percentage, to be sure, but still a significant chunk of people when you consider that the site has more than 200 million users.

Facebook, he said, invests significant time and resources in fighting hackers but it can only do so much.

"Attacks like these do illustrate one type of social networking security challenge that's likely to persist: They thrive off the fact that many people will always click on links in messages from friends, even if they seem out of the ordinary," he said.

This scam, like the others, steals passwords to propagate itself, he said. But it doesn't appear to abuse the compromised accounts any further than that.

Nick O'Neil, editor of the blog AllFacebook.com, said these false Web sites, like their predecessors, appear to originate from Eastern Europe.

In recent weeks, he said, at least one visible phishing scam has hit the social networking site each week.

"Facebook has been in a full-fledged war with spammers and hackers, and this is only the latest round of that battle. Over the coming weeks and months, you can pretty much guarantee that we'll see more of them," he wrote, adding that these scams are not as vicious as the ones that notoriously plagued MySpace years ago.

New Users Are Like 'New Kids on the Block'

Smith also said that as Facebook welcomes scores of new users, about 3.5 million each week, it creates a large audience of people who haven't been exposed to the kinds of phishing attacks that hit social networking sites.

"I think we've seen as new users have joined, it takes some time for users to figure out how to use new communication tools," he said, adding that many new users are over 35 and new to this kind of social environment.

"These are kind of the new kids on the block, and so it's a little easier to pick on them," he said.

Facebook's Schnitt, however, has maintained that they have not established any correlation between new users and the attacks.

He also cautioned users to only log in to sites when www.facebook.com is in the browser and to be very cautious of any messages or links they find on Facebook that ask them to log in again. Keeping unique logins and passwords for different sites is also helpful.