Security researchers have warned that the infamous Zeus malware is once again spreading on Facebook, after attackers used compromised accounts to post spam messages disguised as photos.
Facebook users clicking on the photo message are redirected to a third-party attack site that automatically downloads a Trojan installer which includes the Zeus code.
"By definition, social networking is social. Facebook is built to easily allow people to share pictures, videos and other content, and people trust what they receive from their friends," said Mike Geide, senior security researcher at Zscaler ThreatLabz.
"Malware, such as this recent example, can take advantage of the sharing mechanisms and users' trust of their friends within social networking."
Security firm Sophos monitored a similar attack, although the company said that the malware payload had been removed from the attack site that it had tracked.
Sophos senior technology consultant Graham Cluley noted that the use of compromised accounts is especially effective in spreading such attacks, because the malicious post appears to come from a trusted friend.
"The danger, of course, is that one of your Facebook friends may have had their account compromised," he said in a blog post.
"Maybe they were sloppy with their password security, or gave access to a rogue application and you might be tempted into clicking on a link seemingly posted by them."