Facebook recently expanded the "Like" feature, allowing users of the social networking site to "like" individual comments to a given post, and expanding the application of the voting system to other sites. Now, a malware scam is circulating that exploits the demand from Facebook users for its antithesis--the "Dislike" button.
The Like button, and the ability to Like Facebook pages are popular tools. The Like feature provides a framework for users to help promote good content by voting for it with the Like button. However, many users wish they could also police bad content by giving it the thumbs down with a Dislike button.
The Facebook Dislike button scam works the same as many other viral messaging scams on Facebook. It eggs the recipient on by teasing--or imploring depending on the wording--that the Facebook friend has downloaded the "official DISLIKE button" and provides a link to download it and be part of the in-crowd.
Graham Cluley from security vendor Sophos highlighted the viral Facebook threat in a recent blog post. "Falling for any of these scams (which promise some lurid or eye-popping or exclusive content) typically trick you into giving a rogue Facebook application permission to access your profile, posting spam messages from your account and asking you to complete an online survey."
Cluley explains "If you do give the app permission to run, it silently updates your Facebook status to promote the link that tricked you in the first place, thus spreading the message virally to your Facebook friends and online contacts," adding "But you still haven't at this point been given a "Dislike" Facebook button, and the rogue application requires you to complete an online survey (which makes money for the scammers) before ultimately pointing you to a Firefox browser add-on for a Facebook dislike button developed by FaceMod."
Facemod does not appear to be connected to the scam. Its Firefox add-on is simply providing the ammunition that the scam needs to lure people into clicking the link and completing the survey to generate revenue for the scammers.
For organizations that allow even limited use of social networking sites such as Facebook, there is an underlying concern that IT admins should be aware of. This scam illustrates how easy it is to exploit the social nature of a site like Facebook--adding an inherent element of trust for messages that come from known friends.
IT admins should ensure that users are educated about the risks and provide guidance not to click on such links. This particular scam simply propagates itself virally and does no real harm per se, but having users in the habit of clicking links just because they come from trusted connections on a social network is an open door for malicious attacks as well.
Ultimately, do we really need a "Dislike" button? Didn't your mother teach you that if you don't have something nice to say, just don't say anything at all?