Facebook Zombies: Scourge of Pre-Teen Thin-client Cloud Computing in Spam-bot Form

This was posted on my Facebook wall by a guy I know from high school. For some reason, I doubt he authored this particular missive.


one of my friends is possessed by a spam bot on Facebook and spams my wall with a typical spam advertisement

Yeah, he's gonna post a message on my Facebook wall out of the blue and leave that kind of garbage.

However, this bit of Facebook wall-spam came right after receiving a couple of friend requests that were awfully suspicious. Take a look at the first profile:
totally bland facebook profile, most likely a bot

It's interesting that she has almost no friends that are all in one place, and certainly no one that I know. Why would they want to be my Facebook friend? The profile also has no real content in it - just a picture.

Then I got another friend request a week or so later from an awfully similar profile:

totally bland facebook profile, most likely a bot

This one at least is attached to a university I might actually know someone at, but still, the profile is in the same pattern.

  • highly geographically scattered 'friends' with no high concentration locales
  • absence of any unique personal information
  • no wall
  • female

Why does female matter? I assume the bot creators have a higher response rate if they use female pictures in the profiles that they use to 'friend' males with.
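As an added illustration (not code from the original post), the structural indicators above, plus the "no one that I know" observation, can be written as a triage check for incoming friend requests. The field names, thresholds and sample profiles are all assumptions constructed for this sketch, and the profile-picture item from the list is left out.

```python
from collections import Counter

MIN_TOP_LOCALE_SHARE = 0.3  # assumed cutoff for "no high concentration locale"
FLAG_AT = 3                 # assumed number of indicators that warrants review

def top_locale_share(friend_locales):
    """Fraction of friends in the single most common locale (0.0 if none)."""
    if not friend_locales:
        return 0.0
    return Counter(friend_locales).most_common(1)[0][1] / len(friend_locales)

def indicators(profile):
    """Return the names of the indicators from the list that this profile matches."""
    hits = []
    if top_locale_share(profile["friend_locales"]) < MIN_TOP_LOCALE_SHARE:
        hits.append("scattered_friends")
    # A picture alone does not count as personal information.
    personal = {k: v for k, v in profile["fields"].items() if k != "photo" and v}
    if not personal:
        hits.append("no_personal_info")
    if profile["wall_posts"] == 0:
        hits.append("no_wall")
    if profile["mutual_friends"] == 0:
        hits.append("no_mutual_friends")
    return hits

def needs_review(profile):
    """True when enough indicators line up to treat the request as suspect."""
    return len(indicators(profile)) >= FLAG_AT

# Constructed sample friend requests (hypothetical fields, not real accounts).
SAMPLES = {
    "bland": {"friend_locales": ["Austin", "Oslo", "Perth", "Lima", "Kyoto", "Cairo"],
              "fields": {"photo": "a.jpg"}, "wall_posts": 0, "mutual_friends": 0},
    "established": {"friend_locales": ["Denver"] * 14 + ["Boulder"] * 4 + ["Austin"] * 2,
                    "fields": {"photo": "b.jpg", "employer": "Acme", "hometown": "Denver"},
                    "wall_posts": 37, "mutual_friends": 6},
    # A genuine new user also looks empty, so single indicators must not flag alone.
    "new_user": {"friend_locales": ["Leeds"] * 3, "fields": {"photo": "c.jpg"},
                 "wall_posts": 0, "mutual_friends": 2},
}

if __name__ == "__main__":
    for name, profile in SAMPLES.items():
        print(name, indicators(profile), needs_review(profile))
```

The new_user sample shows why the indicators are only meaningful in combination: an empty profile and an empty wall also describe someone who joined yesterday.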

the wall spam

I think that seeing this Facebook wall-spam indicates we have achieved an interesting new level of potential network compromise. I can only see two possible situations whereby someone could manipulate a Facebook account in this way. The first is simply that the account login and password have been compromised, and possibly the Facebook spams are carried out by a program running on my friend's computer (accidentally downloaded virus perhaps). This is somewhat likely, but I believe that this spam is the result of a malicious third-party Facebook application.

I can easily see the situation where a malicious program is able to run on Facebook's own servers in the guise of a third-party application that someone has added to their profile. Although I doubt the Facebook development kit is full-featured enough to have exploits hidden inside it that could be particularly damaging, it would seem that this sort of bot creation is certainly not impossible. Imagine it - a bot that's largely not detectable by administrators, because it's not really doing anything it's not supposed to be allowed to do. It operates within its own layer inside the Facebook cloud, never having infected the thin-client used to access the cloud, or the cloud itself, per se.

However, if we are to assume it's a malicious program, or 'computer virus', it would have to have a vector of infection, correct? Well, based on my buddy's page, it seems he's ripe for the plucking. Here's a random screenshot:


Even if I'm totally wrong about this whole thing, something of the sort seems inevitable:

the computer virus's second cousin, twice removed


Welcome to the dawn of a new era in Cloud Computing.

yay facebook

i also noticed the spam accounts are always on fake (i.e. not organization-related) networks, which Facebook added in an attempt to become more open, like MySpace

looking at the Facebook of today, one can't help but think, "careful what you wish for":

http://dl.getdropbox.com/u/6852/FACEBOOK%20MYSPACE.png