On Sunday, I had an e-mail alert about someone writing on my Facebook wall--a college acquaintance with whom I hadn't spoken in quite some time. As it turns out, I was a victim of "wall spam," a recent phenomenon on Facebook in which automated spam posts show up on members' message walls. It's similar to a wave of profile spam that swept News Corp.'s MySpace a few years ago.
The message in question read, "Some thinks you are special and has a hot^crush on you. Find out who it could be!! ;)" with a link to a Flash file claiming to be hosted on the imageshack.us domain.
But by the time I navigated to my Facebook profile to get rid of the spammy (and possibly virus-ridden) message--within an hour or two of the notification showing up in the first place--the wall post was gone. This means one of either two things: someone else saw the message on my profile and flagged it, or Facebook is actively policing the site to keep it under control, probably by searching for duplicates of a known spam message.
Of course, an hour or two is still a big enough frame of time for people to click on the link and get their computers loaded with some nasty new malware.
I've asked Facebook for comment on exactly what their strategy is and whether any members' login credentials are getting compromised by this spam or virus. I'll update when I hear back.
"Wall spam" rose to notoriety earlier this month, when members started noticing the phenomenon, and security firms started flagging worms that were spreading via Facebook members' walls and installing malware when a link in the message was clicked. The company has recommended antivirus fixes and says it's acting fast.
The Silicon Alley Insider reported earlier this month that Facebook had been deactivating links in identified spam posts; removing the posts entirely is a more aggressive measure.>
"If we get a report of a bug or a hole from a user, a security researcher, a reporter, blogger, or anyone, we check it out and fix it as quickly as possible," Facebook security chair Max Kelly wrote several weeks ago on the company blog in response to another virus. "In fact, we appreciate it when help comes our way from the many security experts and organizations out there."