Facebook users suffer second 'sexy' malware attack

Facebook users have come under attack yet again

Security experts have called on Facebook to set up an early warning system on its network to notify users of any threats as and when they occur, after yet another malware attack hit the site over the weekend.

The attack is the second in successive Saturdays to use a 'sexy video' to lure the recipient into clicking on a fake FLV Player upgrade message which then downloads adware onto the PC.

Both files arrive as a thumbnail video in messages posted to users' walls. Last week's included the message: 'This is without doubt the sexiest video ever!: P :P :P.', while the new scam refers to 'distracting beach babes'.

"Facebook is aware of the problem and is actively removing both the wall posts and the malicious applications," wrote Websense senior research manager Patrik Runald in a blog post.

"We certainly hope that 'a new malware scam on Facebook every Saturday' won't turn into a trend."

However, Graham Cluley, senior technology consultant at Sophos, went further, complaining in a blog post that the dedicated Facebook Security page has still posted no official warnings about either of the attacks.

"Isn't it time that Facebook set up an early warning system through which they can alert their almost 500 million users about breaking threats as they happen?" he wrote.

"Imagine just how many people could have been protected if a simple message had appeared on all users' screens warning them of the outbreak."

Cluley added that the criminals behind the attacks may be launching them at weekends in an attempt to catch anti-virus researchers and Facebook's security team "snoozing".

A Facebook spokesperson responded that it is usually better to educate users with simple rules on how to keep their online accounts secure, rather than point out each individual scam.

“We work quickly to disable any bugs, or applications that contain malware, ensuring that once reported to us they have minimal impact on our users," the spokesperson added.

"We urge people to remember that if someone is posting comments, or links, or sending you messages that look weird, don’t trust it. Delete it immediately and let the person know."