Worms on Facebook are becoming almost as ubiquitous as the site itself. With so many Facebook pages on the network today, and with everyone trying to get their pages additional "LIKES," it's wise in general to stay away from any page with "Shocking" in its title, let alone one where that is followed by "This girl killed herself after her Dad posted this photo." Early reports
Once the message pops up on one's page, it's followed by a more urgent message that states "What are you still doing here? You should be on the photo tab. You can click here to visit there now" and then offers the link to visit the photo tab page. Once this link is clicked, it forces the Facebook member to "LIKE" the useless page, kicking the worm into gear, adding the link to the user's Wall and alerting all his or her friends that they should do the same.
According to a Helium report, early on October 2, one of Google's top searches was "This girl killed herself after her Dad posted this photo." This, in turn, was the bait that lured unsuspecting Facebook members into spreading the worm - before they had a chance to understand its malicious intent.
A search on Facebook using the same wording will ask the searcher if they meant "cooking girl" versus "this girl killed." On this page, those affected have been posting their findings and experience with the worm.
As far as can be determined, the scammers' exploit doesn't appear to compromise one's Facebook account or steal passwords. Here is what the links look like.
The best solution is to REMOVE the link from your page. Clicking on it will only spread the worm.
Facebook has not issued a formal statement regarding the malware, but security forums and blog sites are posting a good number of updates - as will this one - as more information comes in.
Previously, hackers targeted the email accounts of Facebook members, obtaining passwords and compromising users' contact lists. I personally experienced that last round of attacks, where my entire contact list received emails with links to an online "Canadian medical prescription company." The only way to circumvent that attack was to change the password to my email account.