Corrons said that services like Facebook are allowing cybercriminals to create lures for internet users, causing them to infect their computers with malware. Facebook, he says, is the biggest social network, and in spite of the controversy caused by the (lack of) privacy of information, it doesn't stop growing.
"One of the easiest actions it enables is to say that you `like' something and many websites have added this feature, in such a way that you can say that you like something just with a click as long as you're logged in Facebook", he said in a security posting.
According to Corrons, the problem with this is that with some simple javascript code, the original use that was given to this functionality can be corrupted.
"Imagine that I add to the PandaLabs blog an icon so that you can say that you like PandaLabs. You'll think that your Facebook account will [then] be updated with the information that you like Pandalabs", he said.
But, he added, it is possible to alter the Facebook code to do something else, such as posting a note that: "Luis likes to know that he is a dummy."
Although this is clearly a joke, the Panda Security technical director says that the Javascript could do something worse, such as inviting users to click on a link to win an iPad, but, instead, the text that the other person wants will actually appear on Facebook.
The good news, Infosecurity notes, is that Corrons says his researchers have not yet seen any malware distribution using this attack methodology, but he hints that this could change. "My advice: be distrustful, don't trust anything and disable javascript in your browsers", he said.