Facebook worm steals account passwords

Apparently there is a new (old, but resurfaced) worm out there that spreads through Facebook.

From Computerworld,

[…] the newest Koobface tries to dupe users into clicking on a link that’s included in a message from a friend. Clicking on the link displays a fake error message claiming that Adobe System Inc.’s Flash is out of date, and prompts the user to download an update.

The update is nothing of the sort, but is instead an executable file that installs the Koobface worm.

[…] rifles through a compromised PC, sniffs out browser cookies associated with 10 different social networking sites, uses the usernames and passwords within those cookies to log on to each service, searches for the infected user’s friends and then sends those people messages that include a link to the worm.

It looks for cookies connected to bebo.com, Facebook, Friendster, fubar.com, hi5.com, LiveJournal, MySpace, myYearbook, Netlog and Tagged.

I fully agree with the last statement:

Users need to be very, very careful about what they install when they’re on these [social networking] services,” […] “And they should be careful about how they use social networks and what information they put on them. The criminals are gleaning all the information they can and using it against you.”