luke.hutch at mit.edu
Thu Jul 22 13:32:39 PDT 2010
There has been a spate of Facebook viruses in the last few months that
have exploited social engineering and the ability to paste arbitrary
themselves. Typically these show up as Facebook fan pages with an
into the address bar to show whatever the title is talking about.
However, doing so scrapes your Facebook friends list, and the virus
mails itself to all your fb friends.

Frequently these viruses will redirect to a legit-looking page after
propagating themselves, so the user doesn't know they have been duped
until one of their friends asks why they sent out the link. In most
cases nobody says anything because it looks like a legitimate shared
link (and there's so much junk shared on Facebook anyway that nobody
can tell the difference!) -- as a result these viruses have been
wildly successful, accumulating tens of thousands of "Like"s before
anybody even reports the page as spam.

There is no legitimate reason that non-developers would need to paste
should be disabled by default on all browsers. (Of course this would

The above bug report was closed with the following suggestion: "to get
traction on this, I'd suggest looping in other browser vendors. The
WHATWG list might be appropriate. These sorts of changes work best
when all browser vendors move in unison."