Strange Facebook Status Updates

Another day, another potential Facebook vulnerability.

SANS' Internet Storm Center posted an example of a status update today that plays off the Facebook "Like" feature. More and more status updates are using the word "like" to draw people to click on a link. For example, a post would have three different links you can click on, which take you to a page with "provocative quotes" that you can also "like." You also can see the visual example here. The links apparently have a domain of "x.co," which is highly suspicious.

Although there doesn't appear to be anything malicious going on here, it's certainly another form of spam on Facebook. Down the road similar methods could potentially be used for exploits like clickjacking or cross-site-request-forging.

I've always found that in Facebook it's better to not click on anything, including applications and games. You never know what you're downloading. I also worry a lot about tiny urls. Seems like it would be a lot easier for an attacker to send out a malicious link disguised in a tinyURL. Even if I trust the person who is posting the link, I tend to stay away from it. Sometimes I even send them an e-mail asking if they meant to post something.

Adam Ross is managing editor at the SANS Institute and wrote, edited, and Web produced for The Washington Post's opinions and politics sections, online and in print. You can reach him at aross@nextgov.com.