Are you one of those users who is always figuring out how to view other Facebook users’ private profiles? Call it curiosity, call it paranoia, you’re a stalker, right! Or you do it for a good reason, because you suspect your girlfriend is dating with a guy and you want to check out her Facebook profile for evidence.

Regardless your reason, whether moral or not, there’s still hope if you believe Facebook will not patch up the security flaw. In the meantime, the bad guys showed us yet again how aware they are of human psychology, and how ready they are to exploit the curiosity of human being.

There is a piece of Windows-based software called Facebook Agent offers the curios, or the paranoia to view other users’ private profiles. Of course, Facebook Agent is asking you to download the software and remember, there’s no such thing as a free lunch these days. In other words, if the software is exceptional good, I doubt they won’t charge a premium for the users to use it.

In this case, users are advised to be wary of using free software from the unknown source, so DON’T download Facebook Agent. Many users downloaded the software and concluded yes it is a Malware, as shown in the tweets. Additionally, two bloggers also provide screenshots, click here and here for further technical details.

Scammers never give up, although various sorts of phishing scams have been blocked by Facebook. It seemed that the more serious one appears to be the fake email with the malicious “updatetool.exe attachment”, as reported by Webroot, an established security experts on the Web.

This fake email is pretends to be from the Facebook administrators. If the victim chooses to go further, he or she will end up at a spoof Facebook login page which prompts users to reveal his / her Facebook password as well as download the file attachment. The message in the fake email itself claimed that the user’s Facebook profile password was reset. In order to retrieve the password, a user need to download and open the attachment. In fact, the file attachment, i.e. “updatetool.exe” is actually the Zeus trojan, a trojan from the Bredolab family.

If you come across similar email in your inbox, straight away delete the fake email. Never fill in secret information on suspicious sites, other than the Facebook homepage, i.e. https:www.facebook.com and avoid downloading the file attachment shown in below.

Online criminals are increasingly targeting at Facebook. So guys, if you’ve received any message that contain the following message subjects, please “do not” open it or proceed according to what the message told.

The message is served as a bait which offer malicious link and if you click on it, it’ll redirect you to a bogus Facebook site and you’ll be prompted to install a virus file in the form of a fake “Adobe_Player11.exe”, according to a report by websense.

FaceBook message: Dancing Girl Drunk In The Pub- facebook Video (Last rated by Betsy Person)
FaceBook message: Dancing girl oriental dance … (Last rated by Abdul Kay)
FaceBook message: Magnificent Striptease Dance (Last rated by Rosalind Lindsey)
FaceBook message: Watch the Oooh! Super Beautiful Girl Dancing (Last rated by Delores Tucker)
FaceBook message: Hot Girl Dancing At Striptease Dance Party

Although the message subject seemed to be appealed to most of the Facebook users, especially male users when first encountered it. But you know you’ll be safe if you ignore such message, and refrain yourself from clicking any URL link within the message, even it is out of your curiosity. Generally, these kind of messages are known well to elicit our emotions, in this case joy, and curiosity.

Another warning: Don’t let this kind of message trick you into clicking the link and install the file. It is due to the virus might not be detected by your anti-virus software installed on your PC or laptop, according to an analysis done by VirusTotal.

Picture 1:

Picture 2:

Secure Computing Corporation has compiled the Quarter 3, 2008 Internet Threats Report (PDF) containing statistical data and analysis covering both email and Web-based threats. Among the findings of the report, Q3 saw the emergence of the new malware targeting users of the popular social networking sites such as MySpace and Facebook.

The worm misuses the functions of these popular sites by posting comments and sending messages like

• “Paris Hilton Tosses Dwarf On The Street”,
• “OMG!!! This is you on hidden cam”,
• “You must see it!!! Funny video clip” or
• “Funny cartoon! I think its FAKE!! What do you think about this?”

to everyone on your contact list.

DO NOT click on any link in these messages if you come across the aforesaid.