Nov. 30th, 2009

A couple of my friends have gotten hit with stuff that's hijacking their accounts as a way to send spam to Facebook. The latest one sent something about www,ArticleBooks,cn which looks like a standard scam (although if I were you, I wouldn't load that -- I'm just putting it here in case someone searches for it).

As a web security researcher, I'd like to offer some advice. The safest advice would probably be either "don't use any Facebook apps" or "don't use Facebook" but we all know you're not going to do that just because someone sent spam in your name.

So here are a few more reasonable tips that might keep you and your friends spam-free:

1. The problem probably won't be caught by your virus scanner. Do a scan -- it won't hurt -- but if it comes up negative don't assume you're safe.

2. My personal bet is that the Facebook stuff is caused by a rogue app. Uninstall ALL applications you are not using to be safer. This may be a legitimate application which was hijacked, so you're safest uninstalling as much as possible.

3. Do NOT install any applications used by friends who have sent spam messages, especially if you get a message like "$infected_friend has sent you a gift!" or something similar: these are common ways for Facebook "viruses" to spread.

4. Consider installing an ad-blocker. Advertisements could also have been used to hijack your Facebook. I highly recommend you use AdBlock Plus on Mozilla Firefox, as some other ad blocking software is sketchy.

5. They may not have stolen your password, but it can't hurt to change your password after you have uninstalled all your apps.

6. If you were hit on Twitter, or even Facebook, it could also be some site you visited that hijacked your browser. Check your history and try to warn others if you figure out which site it was!