On September 7, Facebook said it has fixed the bug that allowed a spamming worm to automatically post messages to users’ walls earlier this week.
The flaw was the second in the past week that let spammers flood the service with messages promoting scams.
Recently, Facebook quashed a different bug in its photo upload service that let a spammer post thousands of unwanted wall messages.
The newest worm was noticed Monday by researchers at a pair of antivirus vendors, Finland-based F-Secure and U.K.-based Sophos.
“A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links,” said an F-secure security researcher.
“Until now, typical Facebook spam has required the use of some social engineering to spread.”
Clicking on the link to the bogus application automatically added the app to users’ profiles, then automatically reposted a status message with a new link to friends’ walls, said a prominent researcher at Sophos.
Source: Spammers exploit second Facebook bug in a week - Computerworld