Facebook spam
February 13, 2010 7:46 AM Subscribe
My Facebook friends have apparently received some spam from me telling them to "lose weight in 2010!"
This wasn't intended on my part; I don't know how they received it.
I changed the password on my Facebook account.
I've also run a virus scan on my computer, run CCleaner, etc. No signs of any infection on my computer.
Any ideas as to what is going on here?
This wasn't intended on my part; I don't know how they received it.
I changed the password on my Facebook account.
I've also run a virus scan on my computer, run CCleaner, etc. No signs of any infection on my computer.
Any ideas as to what is going on here?
Response by poster: No, I changed the password after they received the spam.
As far as I know they haven't received more.
posted by dfriedman at 7:53 AM on February 13, 2010
As far as I know they haven't received more.
posted by dfriedman at 7:53 AM on February 13, 2010
Ok, well then chances are you have stopped the spammer who had somehow acquired your old password. My second question was going to be how in particular they were getting the spam message because there was a problem with third party apps placing ads within the app and using people's personal pictures. My guess is you either left yourself logged into facebook on a public machine or entered your username and password into what you thought was a legit facebook login but wasn't. These are the most common ways someone can get access to your account. It's all going to be speculation though.
posted by kthxbi at 7:59 AM on February 13, 2010
posted by kthxbi at 7:59 AM on February 13, 2010
Response by poster: Well, I don't use public machines.
The only way I access facebook is via my laptop, which never leaves my apartment, and my iPhone.
My laptop's wifi is turned off. Perhaps someone sniffed the password from my iPhone when I was logging into Facebook?
posted by dfriedman at 8:01 AM on February 13, 2010
The only way I access facebook is via my laptop, which never leaves my apartment, and my iPhone.
My laptop's wifi is turned off. Perhaps someone sniffed the password from my iPhone when I was logging into Facebook?
posted by dfriedman at 8:01 AM on February 13, 2010
For what it's worth, I received this same spam from two other friends so my guess is that it's not something that's that you-specific.
posted by jessamyn at 8:05 AM on February 13, 2010
posted by jessamyn at 8:05 AM on February 13, 2010
Same as Jessamyn, I just got one of these this morning. I feel better knowing that it's spam and not a hint from someone that I need to lose weight :)
posted by echo0720 at 8:13 AM on February 13, 2010
posted by echo0720 at 8:13 AM on February 13, 2010
I have been seeing this type of scam pretty frequently lately. i.e. Someone's Facebook account being used to post some type of spam ad on a large number of friends walls. (they come in lots of different flavors: "Make lots of money working from home" "I've set you up on a blind date" "Oh man you should see this crazy picture of you that got posted on the internet ;)" etc)
I haven't seen any definitive answers about how it is done, but once you change your password the spamming appears to stop. I've never been able to find a virus/spyware on the computers of people who have been affected.
It may be that the spammers are able to brute force guess enough passwords that they occasionally break into a account. Alternatively they may be taking advantage of the fact that your computer is already logged in to facebook to somehow make the posts in the background after you have gone to a malicious site.
posted by vegetableagony at 8:25 AM on February 13, 2010
I haven't seen any definitive answers about how it is done, but once you change your password the spamming appears to stop. I've never been able to find a virus/spyware on the computers of people who have been affected.
It may be that the spammers are able to brute force guess enough passwords that they occasionally break into a account. Alternatively they may be taking advantage of the fact that your computer is already logged in to facebook to somehow make the posts in the background after you have gone to a malicious site.
posted by vegetableagony at 8:25 AM on February 13, 2010
Apps can do this, they don't need to touch your account or hack your password.
posted by jedrek at 9:02 AM on February 13, 2010 [2 favorites]
posted by jedrek at 9:02 AM on February 13, 2010 [2 favorites]
At least for one of the examples vegetableagony mentioned ("Oh man you should see.."), someone who's had their password exposed posts that link on their friends' walls. The friend clicks on the link which directs them to a page that looks like Facebook's login. If you entered your information there, they have your username and password, and they login to your account and post the same messages on your friends' wall.
If you're running Chrome or IE7 (I didn't test it with Firefox), the login page should be replaced with a red page telling you the site you've gone to is a known phishing page.
posted by SAC at 9:31 AM on February 13, 2010
If you're running Chrome or IE7 (I didn't test it with Firefox), the login page should be replaced with a red page telling you the site you've gone to is a known phishing page.
posted by SAC at 9:31 AM on February 13, 2010
From what I can gather there are applications that are spam and propogate themselves by pretending to be a fun legit app. You click on it, it sends spam to your friends, you get a broken page.
posted by daysocks at 11:05 AM on February 13, 2010
posted by daysocks at 11:05 AM on February 13, 2010
Consider using stronger, randomly generated passwords, and use a different password for every website. You can store them in a database program like KeePass. Honestly, sometimes people look at me weird when I tell them I don't know my own passwords, but I've never had a problem logging in away from home. I keep Portable KeePass on my USB drive, and in cases where that won't work (such as IT policies against using USB drives due to fear of viruses), there's websites like Agatra that store your passwords and let you login. (Despite the warning that it's no longer supported, it still works fine.)
posted by IndigoRain at 12:21 PM on February 13, 2010 [1 favorite]
posted by IndigoRain at 12:21 PM on February 13, 2010 [1 favorite]
I think there's a lot of viral/malware/spam crap on FB, and it circulates pretty quickly. I could be wrong, I'm not a computer programmer-y type person, but my bet is this was done through some variety of nefarious application rather than someone determining your password and spamming everyone on your friends' list. Recently, I've received a few spam messages (the email, not the message-on-the-wall, variety -- and I doubt that those people know that they're sending out this crap) through FB complete with weird links, and, apparently, I once I 'posted' a whole bunch of spammy comments on people's walls myself. This was at a time when I would accept application invitations from trusted friends ('sure, if so-and-so invited me specially to join their group in iCult, why not?!'). I've since stopped accepting requests and I block most applications. It seems like at least 90% of all apps, even legitimate ones, are very interested in gaining access to people's friend lists so that they can lure you to join up, too. Do you click on a lot of applications and quizzes? Do a lot of your friends seem to have obsessions with all these different apps? Be really choosy about what you click on and block anything that seems mildly suspicious.
posted by Mael Oui at 8:43 PM on February 13, 2010 [1 favorite]
posted by Mael Oui at 8:43 PM on February 13, 2010 [1 favorite]
This thread is closed to new comments.
posted by kthxbi at 7:52 AM on February 13, 2010