If you’ve spent time on Facebook, you’ve probably seen one of your friends fall victim to a scam or three. The worst of these scams use security holes to automatically force people to Like a page—and one blogger did some research to show how it actually works.
Earlier today I noticed several of my friends had been hit by a Facebook worm that updated their status, created an event, and finally invited all of their friends to the event. The purpose of the worm was to widely distribute several “work from home” and similar scams. All of this happened instantly when they clicked on a link that they had seen posted by another user that had fallen for the trap. Knowing that Facebook would fix the issue soon, I immediately opened up my HTTP debugging tools and set about discovering how it worked.
Reverse engineering the latest Facebook worm [Hacking Entrepreneurship]