Facebook - Malware SPAM is harvesting
The ISC is reporting a growing trend in automated malware attacks that gleam Facebook credentials and other private information.
Malware Spam harvesting Facebook Information
QUOTE: A couple years back at our annual RSA "top threat" panels, one of the possible exploits I suggested was the use of social network information for more automated targeted e-mail. At that time, most "spear phishing" was done by first manually collecting information about the victim, then creating an e-mail based on that information. In short: The exploit didn't scale and was expensive. Most of what a half way skilled attacker can do can be done cheaper and faster by a decent python/perl script. Since then, we have seen a number of mass mail campaigns using automated harvesting of social network information. For example, some of the early campaigns searched Linked-In for specific job titles. This latest one abuses information published on Facebook. The spam appears to come from a "Facebook Friend" of yours.