Facebook on Thursday. The worm lures people to a fake Facebook page and prompts them to log in. The fake site steals users information when they type in their username and password. The worm also copies itself to the infected Facebook member's contacts.A new phishing attack hit
The latest attack Web address was 'FBStarter.com', while posing as a message from a friend urging them to "check this out" and including a link to a Web page that appears to be a Facebook log-in page. The attacks were stopped within a few hours in each case, said Facebook spokesman Barry Schnitt. He said it was too early to say whether the attacks are related to the earlier - Wednesday's. "We are investigating," Schnitt said.
The company also alerts anti-fraud partner MarkMonitor, which passes the phishing URL on to the major browsers to block it and contacts ISPs to take the site down, according to Schnitt.
Users who think they have been affected by the scam should change their passwords and review their Facebook stream for any unauthorized changes.