Original URL: http://www.channelregister.co.uk/2008/04/02/facebook_spam/
Spammers have found a fertile new marketplace on social networking sites such as Facebook and MySpace.
The 'wall' feature on Facebook is being abused by spammers to post deceptive messages, linking to spam sites such as online "pharmacy" shops. The tactic is similar to the long-standing link-spamming approach which involves posting misleading links to spamvertised sites on blogs and forums.
Facebook wall spamming is a recent variant on the theme. Spammers are using genuine users’ profiles to disseminate these messages and are buying or ‘renting’ these identities from online thieves, according to preliminary research by security appliance firm Fortinet.
It reckons miscreants obtained access to users' accounts through phishing attacks: deceptive messages that attempt to trick users into handing over their login credentials to hackers. A phishing worm was spotted spreading on Facebook earlier this year, and the two incidents may be related.
Fortinet has published an advisory on the attack (containing screenshots) here (http://www.fortiguardcenter.com/advisory/FGA-2008-08.html).
Such spam 2.0 lures are a relatively new phenomenon on Facebook, but they've been kicking around on MySpace for much longer.
Spambots on MySpace have recently begun using more sophisticated techniques, net security firm Websense reports (http://www.websense.com/securitylabs/blog/blog.php?BlogID=182). Malformed profiles are created in such a way that they hide all of the real MySpace profile areas. Surfers clicking on these expecting to view pictures or messages are instead met with content from spamvertised sites or worse.
"This technique can easily be adapted for malicious purposes, such as drive-by installers, MySpace phishing, and so forth," Websense researcher Ali Mesdaq warns.
"MySpace has a built-in security feature to catch form submissions to other sites. However, it seems to be reliant on a 'Submit' button being present to trigger the form. Having the warning there is a good, proactive security measure, but if the warning is bypassed, then it does no good." ®