This is a much needed option from Facebook but not given for the obvious spamage that would occur.
We were alerted of the malware by Roeland Landegent from Shoudio and TodaysArt. A colleague from TodaysArt had fallen victim whilst trying to invite Friends from an event hosted on its Page. The script had removed all the admins and replaced it with the malicious site owner.
- Collects a list of friends of the user
- Collects a list of all pages the current user administers
- Loops through this list of pages and removes all administrators (because you can as administrator)
- Makes a new administrator of the pages by assigning it to an email address (which corresponds with a Facebook user)
- Posts a message to your friends, promoting an Albanian site..
After losing control of their Facebook Page Landegent went on to track down the culprit. In the process he learnt from the hacker that thousands of people fall victim to the malicious script every day. Luckily Landegent was able to get back control of the Page.
Here is a conversation Landgent recorded with the Albanian and watch out for the amusing talk of hiphop to engage the hacker in returning back what was stolen:
The most chilling part of that conversation is when the rapper-hacker says:
“I discovered that facebook.com allowed many thinks [things] that destroy the other accounts”