A scam involving Facebook adds injury to insult, first by insulting victims and then infecting their machines with the Blackhole browser-exploit kit.
The scam takes the form of an emailed message pretending to come from Facebook. It alerts the victim about a malicious comment someone else supposedly left on the victim's Facebook "wall."
"_____ wrote: "you piece of s#*t!!!" the message reads, above a button that invites the reader to "see the comment thread."
But instead of taking victims to a comment thread, the link leads to a Web page that contains the Blackhole exploit kit, which bombards browsers with dozens of known vulnerability exploits until something gets through.
But observant users can avoid the attack if they pay attention to the sender's email address: comments@faceb00k.com
According to the British security firm Sophos, Internet users need to always be on their guard.
"You would have been protected from this threat if you had kept your wits about you," Sophos researcher Graham Cluley wrote on the company's Naked Security blog. "Even if you didn't notice that "Faceb00k" was spelt incorrectly, you could have seen by hovering your mouse over the link that it wasn't going to take you directly to the genuine Facebook website."
Follow Ben on Twitter@benkwx.
