Some Facebook accounts that were hijacked in phishing attacks last week were used to send out spam on Thursday that directed people to a Web site hosting malware, according to the social networking company.
Some Facebook users reported receiving messages that said "look at mygener.im" and contained a link that led to a site that appeared to be hosting adware, said Facebook spokesman Barry Schnitt. Adware is software that automatically displays or plays ads on a computer once it has been installed and can be used to spy on computers.
"We think it's adware," Schnitt said. "It doesn't appear to be self-propagating. We are still investigating."
The malware Web site was offline by late morning Pacific time and any messages on Facebook containing the link had been removed, he said.
The spam attack is believed to be the second stage of two related phishing attacks that happened last week. In those attacks, Facebook users received messages from friends urging them to "check this out" and including a link to "FBStarter" or "FBAction" Web pages. The pages appeared to be Facebook log-in pages, but were fake sites designed to steal usernames and passwords.
"It appears that the spammer has bided his time a little bit," Schnitt said in reference to the week between the spam attacks.
Facebook reset the passwords of members whose accounts were used to distribute the spam last week, but apparently the phishers were able to get control of at least one of the affected accounts before that could happen. Those hijacked accounts were then used to send the spam on Thursday.
People who received the latest spam and clicked on the link it contained should run an anti-virus scanner on their computers to make sure there is no malware on them, Schnitt said.
People who had clicked on the link in last week's phishing attacks should reset their passwords if they haven't already done so.
By Elinor Mills