Facebook, iPads, Android, and everything between — the tech news you need, the stories you want, and the tips you'll actually use. Our Digital Life. Read. Live. Share.
  • 31 Jan 2012, 12:43pm, EST

    Facebook spam attack pushes diet 'miracle'

    By Suzanne Choney

    It's still early enough in the year to keep those New Year's resolutions and to be flooded by diet commercials in magazines, on TV — and on Facebook. One weight-loss promotion on the social networking site, however, has turned into a spam headache for users.

    If you start seeing a lot of postings from your friends saying they've lost 10 pounds in one week thanks to an HCG diet, they're not dieting together in some cult-like fashion. They're probably victims of the spam attack, whose goal is to get users to click on a Web link to the diet.

    The messages typically look like this, advises Sophos Security:

    [Screenshot of the spam messages, via Sophos]

    If you're seeing those messages, you might want to directly email your Facebook friend that "the scammers have taken advantage of their account to spew out diet spam, and advise them to be a lot more careful in future," writes Graham Cluley on Sophos' Naked Security blog.

    While the spam doesn't appear to be malicious, "affected users should also run an up-to-date anti-virus program on their computers and scan for a possible malware infection," he says. "If there is malware present, it may have also grabbed your online passwords — make sure that you haven't left a backdoor open to your website accounts and change your passwords."

    1 comment

    Hahahahaha Facebook freaks.

  • 16 Nov 2011, 2:28pm, EST

    Facebook's porn and gore attack: Who gets the blame?

    By Helen A.S. Popkin

    Some of it was just funny — an image of Justin Bieber passionately singing into a man's ... um ... appendage pasted where the microphone should be.

    Other hardcore porn images were of the banal fare so easily found outside Facebook's gated Internet community. But there was also the Newsfeed spam featuring child pornography reported by some. The bloody dead dog and decapitated corpses were also among the shocking fare Facebook users found themselves subjected to when the week began and the world's largest social network battled "a coordinated spam attack that exploited a browser vulnerability."

    "XSS, as I suspected," Jay Ashworth, this computer geek I know from Facebook, said following confirmation of the days-long debate by security experts and civilians alike over what caused — and who was behind — the gore and porn spreading across the social network. An XSS scam — or cross-site scripting — is as common as Facebook scams come, spread largely because of uneducated and/or insatiably curious Facebook users tricked into copying and pasting offending JavaScript into a vulnerable browser.

    Live Poll: Who's at fault for the Facebook porn n' gore scam?

    • Users who pass this junk along! 25%
    • Facebook and its Swiss cheese security! 20%
    • The lunks behind the spam! 16%
    • All of the above, plus my neighbor's dog! 38%
    • Other! (Explain in comments.) 1%

    Total votes: 4968

    Here's Facebook's official statement:

    Protecting the people who use Facebook from spam and malicious content is a top priority for us, and we are always working to improve our systems to isolate and remove material that violates our terms. Recently, we experienced a coordinated spam attack that exploited a browser vulnerability. Our efforts have drastically limited the damage caused by this attack, and we are now in the process of investigating to identify those responsible.  

    During this spam attack users were tricked into pasting and executing malicious JavaScript in their browser URL bar causing them to unknowingly share this offensive content. Our engineers have been working diligently on this self-XSS vulnerability in the browser. We've built enforcement mechanisms to quickly shut down the malicious Pages and accounts that attempt to exploit it. We have also been putting those affected through educational checkpoints so they know how to protect themselves. We've put in place backend measures to reduce the rate of these attacks and will continue to iterate on our defenses to find new ways to protect people.

    Oh, and you can bet they are. While many users threatened to quit the site and made accusations that Facebook CEO Mark Zuckerberg couldn't care less about the ick that might very well have caught the eye of Grandma and/or all those 11-year-olds parents allow to lie about their age to be on the social network, Facebook wants the nude splatter-fest out of your News Feed even more than you do. Because it's a business. Businesses are customarily not fans of outside influences that drive away customers. And therein — as the much-abused Hamlet quote goes — lies the rub.

    While Facebook points to a flaw in a browser, it won't identify which browser allowed the malicious code to spam violated Facebook accounts. While naked people and blood splatter grab the headlines, less sensational XSS and clickjacking scams such as tricking Facebook users into clicking on "Why were you tagged in this video?" or pasting code into browsers in the hopes of getting a free meal at Olive Garden are so quickly forgotten they're often repeated.

    "The bigger question is what motivated the attackers to use this flaw in such a strange way?" Chester Wisniewski of Sophos writes in the security company's Naked Security blog. "We investigate lots of Facebook scams here at Naked Security, and I would guess that nearly 100 percent of them lead to some financial payout for the scammer." Usually, scammers earn money when Facebook users are tricked into viewing advertising.

    The latest outbreak "seems to be a purely malicious act," Wisniewski writes. "Facebook has a reputation for maintaining a reasonably family friendly environment and most Facebook users don't expect dead dogs and penises showing up on their wall."

    The lack of monetary motivation has led security experts and others to speculate whether this was an attack by the hacker collective Anonymous, but there are no clues or confirmation. Facebook is letting it be known that it's on the case.

    "In addition to the engineering teams that build tools to block spam we also have a dedicated enforcement team that has already identified those responsible and is working with our legal team to ensure appropriate consequences follow," Facebook said in an email statement. The site cited two prominent anti-spam legal victories.

    In 2009, Facebook successfully sued "Spam King" Sanford Wallace for spamming users' Facebook walls in a lawsuit that resulted in a $711 million judgment in the social network's favor and possible jail time for Wallace. In 2011, Facebook was awarded more than $360 million in statutory damages from spammer Philip Porembski, who grabbed the login info of at least 116,000 accounts, which he used to spam 7.2 million users.

    Meanwhile, Facebook users can do a lot to prevent spam simply by not clicking on suspicious links. Viral scams persist on Facebook because Facebook users continue to click malicious links. Over the last year, Facebook stepped up its defenses against these seemingly unstoppable pests by launching a variety of new security tools to help prevent spam and educate users.

    To review, here are some things you can safely assume you won't see via Facebook: Osama bin Laden's body, that video of that thing Justin Bieber did to that girl, what happened when that girl's dad walked in on her, an app that reveals who has been looking at your profile, or any "authentic" message from Facebook WRITTEN IN ALL CAPS.

    If you do get sucked into this or any Facebook spam scam, it's easy to remove the application, using Facebook settings, so that it no longer accesses your profile. Here's how:

    • Remove any content the rogue app may have posted on your Facebook wall.
    • Go to the Account Settings drop-down menu in the upper right side of your screen.
    • From the Account Settings drop-down menu, choose Privacy Settings.
    • On the bottom right side of the Privacy Settings Page, click the Apps & websites link "Edit your settings."
    • On the App page, next to "Apps you use," select edit settings.
    • There you will see the third-party apps that have access to your Facebook profile. Delete any rogue applications. (It's a good idea to check this setting regularly, anyway.)
    • Send an apology to all your Facebook friends who may have been tagged, and advise them to do the same.
    • Join Facebook's Security page as well as the Sophos security page on Facebook to stay up-to-date on the latest security issues.

     Helen A.S. Popkin goes blah blah blah about the Internet. Tell her to get a real job on Twitter and/or Facebook. Also, Google+.

    65 comments

    My first thought when I saw the story was "Gore porn on FB? Who the hell would want to see those two naked?"

  • 15 Nov 2011, 12:33pm, EST

    Facebook investigates gore, porn infecting your Newsfeed

    By Helen A.S. Popkin

    "I saw two this evening," one Facebook user wrote us Monday night, in an email that contained two screenshots from her Newsfeed. "The porn, to each their own ... but the dog and the blood just turned my stomach ... disgusting."

    She's not alone. In the past two days, Facebook users have become increasingly vocal about graphic photos — pornography and mutilated corpses of humans and animals — showing up on Facebook Newsfeeds. Facebook users forwarded several screen shots to Technolog, which we forwarded to the social network, but won't publish at this time.

    Facebook did not specifically address the images but they did provide this official statement: 

    Protecting the people who use Facebook from spam and malicious content is a top priority for us and we are always working to improve our systems to isolate and remove material that violates our terms. We have recently experienced an increase in reports and we are investigating and addressing the issue.

    Facebook users are encouraged to report abusive content via the dropdown menu that appears next to each post on profile walls and Newsfeed.

    It's not clear how widespread the gore and porn posts are throughout the site. In our anecdotal survey, Technolog heard more from users who said they'd only been told about the images from friends who saw such posts, along with the few who sent us screenshots.

    It's also unclear whether the graphic images are being spread via a clickjacking scam. Clickjacking scams are unfortunately common on Facebook and spread when a Facebook user clicks on a malicious link on the social network. The click allows code to access the user's account, which then spams malicious links to that user's Facebook friends.

    Notably, this current Facebook scourge seems different from the CAP-LOCK warnings about "hidden" sex videos Facebook users are posting themselves as their Facebook statuses, which we reported as a hoax yesterday.

    In that case, the screaming warnings claimed hackers would use a victim's name to post porn videos to the Facebook walls of the victim's Facebook friends. What's more, the warning alleges that these posts remain invisible to the victim. Several security agencies including Sophos say that they've found no evidence that hackers are able to prevent you from seeing content they've posted using your name. This particular hoax first surfaced in September and it's possible the resurgence may have been caused by panic over this current alleged rash of nasty spam.

    We will continue to update should this story continue to unfold.

    259 comments

    Facebook should be shut down. All the company does is sell personal information to other companies and hands over the personal information of users to the U.S. government without a warrant. Facebook makes their money by selling personal information.

  • 14 Nov 2011, 4:32pm, EST

    It's a hoax! 'Hidden' sex videos on Facebook

    By Helen A.S. Popkin

    Nothing starts the week off right like all your friends screaming nonsense via Facebook. You know, something like this:

    ATTENTION: THE HACKERS ARE PUTTING SEXUAL VIDEOS TO YOUR NAME IN THE WALLS / PROFILES OF YOUR FRIENDS WITHOUT YOU KNOWING IT. YOU DONT SEE IT, BUT OTHER PEOPLE CAN SEE IT, AS IF THESE WERE A PUBLICATION THAT YOU MADE! ALSO, THEY'RE SENDING INBOX MSGS TO YOUR FRIENDS ASKING YOU TO CLICK A LINK. DON'T DO IT!! SO IF YOU RECEIVE SOMETHING FROM ME ABOUT A VIDEO OR A STRANGE INBOX MESSAGE, IT'S NOT ME! COPY THIS TO YOUR WALL. IT IS FOR THE SECURITY OF YOUR OWN IMAGE!!! And REPORT IT!!!!! ALSO IF U ARE ASKED TO VOTE ON A PICTURE. DO NOT GO & VOTE: IT'S A HACKER!! POST THIS TO YOUR WALL FOR YOUR FRIENDS!!

    This hoax — which seems to be resurging after a viral run in late September — isn't tied to a clickjacking scam. Clickjacking occurs when you click a scam link that then posts the same scam link to the walls of everyone you know on Facebook. That's not what's happening here. Instead, Facebook users are cutting and pasting this warning on their Facebook status because another Facebook status told them to.

    If that's you, cut it out.

    Live Poll: Bad Facebook etiquette: Which is worse?

    • Clicking on scams that spam your Facebook friends! 24%
    • Spreading unverified hoaxes via cut-and-paste! 32%
    • ABUSING CAPS LOCK!!!! 13%
    • There is nothing worse than Facebook! 29%
    • Other (Tell us about it in comments!) 2%

    Total votes: 1686

    Neither Snopes — the hoax-debunking website you need to add to your Favorites browser bar immediately — nor Sophos Security has found any evidence that hackers are able to prevent you from seeing content they've posted using your name, as the screaming status (above) claims. Of course, if you've clicked on a clickjacking scam — Justin Bieber punching some girl, that thing that girl's dad did that you won't believe, that thing about not having respect for Miley Cyrus, etc. — that same spammy link will crap up the walls of all your friends. But you will always be able to see the damage you've done.

    Sophos confirms:

    Yes, scammers have often posted thumbnails of what appear to be pornographic videos to compromised Facebook users' walls, but we have never seen any incidents where the post was *invisible* to the user.

    Whether you're more culpable for clicking on a link that spams your Facebook friends, or actively cutting and pasting hoaxes under your own steam is a discussion to be decided by the ages. A CAPS LOCK status update may not spread malware, but it does spread ignorance as well as clog up paths of communication. Also, it's annoying.

    In review, here are some things we can safely assume you won't see via Facebook: Osama bin Laden's corpse, that video of that thing Justin Bieber did to that girl or what happened when that girl's dad walked in on her, an app that reveals who has been looking at your profile or what you'll look like when you're old, and an authentic message from Facebook WRITTEN IN CAPS LOCK.

    If you do fall victim to actual clickjacking — hey you're only human — here's what to do:

    • Remove any content the rogue app may have posted on your Facebook wall.
    • Go to the Account Settings drop-down menu in the upper right side of your screen.
    • From the Account Settings drop-down menu, choose Privacy Settings.
    • On the bottom right side of the Privacy Settings Page, click the Apps & websites link "Edit your settings."
    • On the App page, next to "Apps you use," select edit settings.
    • There you will see the third-party apps that have access to your Facebook profile. Delete any rogue applications. (It's a good idea to check this setting regularly, anyway.)
    • Now, send an apology to all your Facebook friends who may have been tagged, and advise them to do the same.

    Hat tip to Julissa McHugh for spotting this hoax's return.

    27 comments

    Worst for Facebook etiquette is conducting polls about Facebook etiquette.

  • 3 Oct 2011, 2:01pm, EDT

    Spamming Facebook friends just got more embarrassing

    [Flowchart, via Websense]

    By Helen A.S. Popkin

    You're never going to get free airline tickets simply by clicking a link on Facebook and accepting a third-party app — not from JetBlue, not from Delta Airlines, and not from the latest airline name to be abused by social network scammers, Southwest Airlines.

    Yet such viral scams persist on Facebook because Facebook users continue to click malicious links. Over the last year, Facebook stepped up its defenses against these seemingly unstoppable pests, sending warning prompts to users and partnering with Web of Trust, a crowdsourced website rating community. Today, the world's largest social network further enforced its spam defenses by partnering with security firm Websense, which will help protect and educate Facebook users via its bad link database.

    "Starting today, Websense technology will add to Facebook's existing protections to stop users from clicking on links without knowing the trustworthiness of the destination," Dan Hubbard, Websense chief technology officer, said in a media statement. "When a Facebook user clicks on a link it will be checked against the Websense database. If Websense determines the link is malicious, the user will see a page that offers the choice to continue at their own risk, return to the previous screen or get more information on why it was flagged as suspicious."

    Google Chrome and Twitter use similar warning systems, and as the handy Websense flowchart above reveals, you're still responsible for using the good sense the Lord gave a chicken. So if you're clicking a link and get a prompt that tells you the link might not be safe, don't click on it.

    If you do succumb to your overwhelming desire to get those free airline tickets or the possibility of seeing Justin Bieber embarrass himself, you'll likely be asked to accept a third-party app. Accept it and you've just spammed all your friends with the same bad link. You might find yourself sent to an outside website where you'll be asked to take a survey. Either way, no free tickets or photo documentation of Justin Bieber humiliations are forthcoming.

    To review, here are some things you can safely assume you won't see via Facebook: Osama bin Laden's body, that video of that thing Justin Bieber did to that girl, what happened when that girl's dad walked in on her, an app that reveals who has been looking at your profile, or any "authentic" message from Facebook WRITTEN IN ALL CAPS.

    If you do get sucked into this or any Facebook spam scam, it's easy to remove the application, using Facebook settings, so that it no longer accesses your profile. Here's how:

    • Remove any content the rogue app may have posted on your Facebook wall.
    • Go to the Account Settings drop-down menu in the upper right side of your screen.
    • From the Account Settings drop-down menu, choose Privacy Settings.
    • On the bottom right side of the Privacy Settings Page, click the Apps & websites link "Edit your settings."
    • On the App page, next to "Apps you use," select edit settings.
    • There you will see the third-party apps that have access to your Facebook profile. Delete any rogue applications. (It's a good idea to check this setting regularly, anyway.)
    • Send an apology to all your Facebook friends who may have been tagged, and advise them to do the same.
    • Join Facebook's Security page as well as the Sophos security page on Facebook to stay up to date on the latest security issues.

    5 comments

    some people need to *go back* to AOL. Facebook just needs to show me the real URL. (spellcheck informs me url is capitalized)

  • 1 Aug 2011, 4:22pm, EDT

    'Facebook Killer' is a scam, not a Lifetime movie

    [Photo, via CBS] This photo of Justin Bieber fooling around on the set of CSI is potentially the best Facebook spam scam. Ever.

    By Helen A.S. Popkin

    Facebook spammers are recycling social network scams at such accelerated speed, the flimflammers are now resorting to scams ripped from "Law & Order" plotlines ... apparently.

    "The Facebook Killer" scam assaulted social network users over the weekend, tricking the naive and/or morbidly curious into clicking a link that offered, "News гepoгts of a maп they are calling the 'Facebook Killer' have gone ramрant, he has claimed 9 lives in the United States so far that we know."

    [Screenshot, via Sophos]

    Given the interminable popularity of the procedural crime drama franchise, as well as the fact that you totally watched that insufferable Craigslist Killer movie on Lifetime like, three times, you know what these scammers are thinking.

    Click what seems to be a CNN link posted by one of your Facebook friends, and you're sent to a fake YouTube page with the prompt: "Are you older than 13 years of age? Click "Jaa" button 2x and confirm and play video."

    [Screenshot, via Sophos]

    Thing is, "Jaa" is Finnish for "Share." Click that increasingly-common ruse and you've just spammed all your Facebook friends with that same link to the fake news report about a fake Facebook serial killer — who might be in your area! That's the twist on this particular spam scam, which attempts to work out your location, and add it to the fake comments on the fake story, notes Graham Cluley, senior technology consultant at Sophos:

    Through GEO-IP lookup techniques it has attempted to work out where in the world I am - and so is presenting (in my case) a video which claims the serial killer is in the British city of Salisbury.

    Furthermore, if you look down the page you'll see supposed comments left by other viewers of the video including one which says:

    This is UNREAL! I live in Salisbury

    Again, however, this is a trick by the scammers. If you look at the webpage's code you will see that it substitutes the name of the city into the comments as well.

    If morbid curiosity compels you to keep clicking, "you'll be taken to what is commonly termed as a survey scam," Sophos reports. "These are surveys, or competitions, which trick you into handing over your personal information and either earn the scammers commission or require you to sign-up for an expensive premium rate service."

    As we've noted before, these scams morph regularly, so it's best to be careful of any Facebook link to either an outrageous news story or anything that ABUSES CAP LOCK ... especially if it involves murder or Justin Bieber, and super especially murder and Justin Bieber.

    If you do get sucked into the scam — and it happens to the best of us — it's easy to remove the application to keep it from accessing your profile.

    Here's what to do:

    • Remove any content the rogue app may have posted on your Facebook wall.
    • Go to the Account Settings drop-down menu in the upper right side of your screen.
    • From the Account Settings drop-down menu, choose Privacy Settings.
    • On the bottom right side of the Privacy Settings Page, click the Apps & websites link "Edit your settings."
    • On the App page, next to "Apps you use," select edit settings.
    • There you will see the third-party apps that have access to your Facebook profile. Delete any rogue applications. (It's a good idea to check this setting regularly, anyway.)
    • Now, send an apology to all your Facebook friends who may have been tagged, and advise them to do the same.
    • Then join the Sophos Facebook page to get the latest news on the latest scams ... so you can warn your family and friends instead of annoying them with profile spam.

    Helen A.S. Popkin always finds a legitimate way to work Justin Bieber into pretty much any story. Tell her to get a real job on Twitter and/or Facebook. Also, Google+.

    1 comment

    Justin looks especially gangly in that picture.

  • 27 Jul 2011, 12:09pm, EDT

    Did your lame password let 'beach body' hack Twitter?

    By Helen A.S. Popkin

    Thousands of Twitter users continue to endure tweets telling them to "get the beach body you've always wanted" possibly because one third of Internet users still insist on using the same password on multiple websites.

    "The messages link to what pretends to be a news website, but is really designed to promote an Acai Berry 'miracle diet' marketed as 'Power Slim,' " reports Sophos. "The product claims to have been seen in the pages of Women's Health, Elle, Marie Claire, Oprah, Cosmopolitan and other magazines."

    Sound familiar?

    Claims about acai berries made in fake news stories that appear in pop-ups, Google search results, on real news sites (including msnbc.com) and even on WebMD.com got the beatdown earlier this year by the Federal Trade Commission.

    The FTC filed charges against companies and individuals for allegedly blurring the lines between advertisements and journalism by promoting false information about acai and colon cleansing. In some cases, companies and individuals were hit with temporary restraining orders preventing assets from being moved or records from being destroyed. The offending websites must prominently display a statement that they are being sued by the FTC, or be removed from the Web.  

    Meanwhile, this latest Twitter spam scam seems familiar as well.

    "It could be that the users' passwords have been compromised, similar to another Acai Berry spam campaign we saw on Twitter at the end of last year following the Gawker password breach," writes Graham Cluley, Sophos senior tech consultant.

    Hackers used passwords grabbed in the Gawker hack to infiltrate user accounts on Twitter and other sites. As Cluley points out, "Too many users (perhaps as many as a third) are still using the same password for every website they access."

    If you find your Twitter account suddenly spamming your followers, change your password right away — on Twitter and anywhere else you're using that same password. In fact, even if you haven't been hacked, why not take this moment to switch up your passwords to the Twitter, Facebook and Google+ accounts you know you totally have open at work right now?

    Here's a video from Sophos to help you think up some good ones:

    2 comments

    To be honest those advertisements are more interesting than 99% of the other "content" on Twitter.

  • 21 Jul 2011, 3:03pm, EDT

    Android apps leakers when it comes to security?

    By Suzanne Choney

    A security firm that reviewed 10,000 Android apps found more than 800 of them were leaking personal data, sending the information to unauthorized servers.

    Researchers from Dasient — a California-based company that provides anti-malware services to businesses — said that 11 of the apps were sending SMS messages out to other phone users.

    "Some of these applications, once started, were sending premium SMS messages," Neil Daswani of Dasient told DarkReading.com. "The user ends up paying for those messages, and they can be pretty expensive. It's sort of like the old 900 number scams, where if you called once, your phone would continue to incur the charges over and over again."

    And in the report, while the 11 apps weren't named, the firm said:

    While we did not observe any outwardly malicious text messages in our sample of 10K apps from the Android Market, we did observe 11 applications that sent text messages that could be considered spam-like. In particular, the 11 applications sent text messages to the device itself that thanked the user for installing the app and suggested sharing the app with friends. These apps are generating SMS messages that are potentially unwanted by the user.

    More than 800 Android apps "leaked private information, such as IMEI and IMSIs," the firm said. "The IMEI number of a phone identifies the device, while the IMSI identifies the subscriber. These numbers are private and apps are supposed to request permission to access them for that reason. The confidentiality of these numbers is important because they can be used for fraudulent purposes, such as cloning the SIM card."
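
One way to check an app's traffic for this kind of leak, as an added example that is not from Dasient's report or the article: search captured outbound requests for a test handset's IMEI and IMSI in raw, base64 and hex form, and report any sent to a host outside an expected list. The identifiers, hosts, function names and requests are constructed test data.

```javascript
// Added example: flag captured outbound requests that carry a handset's
// IMEI or IMSI to a host outside an expected allowlist.
// DEVICE, ALLOWED_HOSTS and CAPTURE are constructed test data.

// An IMEI is 15 digits; the last is a Luhn check digit over the first 14.
function isValidImei(s) {
  if (!/^\d{15}$/.test(s)) return false;
  let sum = 0;
  for (let i = 0; i < 15; i++) {
    let d = s.charCodeAt(i) - 48;
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; } // every 2nd digit from the right
    sum += d;
  }
  return sum % 10 === 0;
}

// Forms in which the identifier may travel on its own
// (an identifier buried inside a larger encoded blob is not covered).
function encodedForms(value) {
  const buf = Buffer.from(value, "ascii");
  return { raw: value, base64: buf.toString("base64"), hex: buf.toString("hex") };
}

function scanRequest(req, device) {
  let text = req.url + "\n" + req.body;
  try { text = decodeURIComponent(text); } catch (e) { /* malformed escapes: search as sent */ }
  const lower = text.toLowerCase();
  const findings = [];
  for (const kind of ["imei", "imsi"]) {
    const f = encodedForms(device[kind]);
    if (text.includes(f.raw)) findings.push(kind + ":raw");
    if (text.includes(f.base64)) findings.push(kind + ":base64");
    if (lower.includes(f.hex)) findings.push(kind + ":hex");
  }
  // Identifiers of other devices: any standalone 15-digit run that passes Luhn.
  for (const m of text.matchAll(/(?<!\d)\d{15}(?!\d)/g)) {
    if (m[0] !== device.imei && isValidImei(m[0])) findings.push("imei-like");
  }
  return findings;
}

function scanCapture(capture, device, allowedHosts) {
  const hits = [];
  for (const req of capture) {
    const host = new URL(req.url).hostname;
    const findings = scanRequest(req, device);
    if (findings.length > 0 && !allowedHosts.has(host)) hits.push({ host, findings });
  }
  return hits;
}

const DEVICE = { imei: "490154203237518", imsi: "001010123456789" };
const ALLOWED_HOSTS = new Set(["api.carrier.example"]);
const CAPTURE = [
  { url: "http://ads.tracker.example/collect?id=490154203237518&os=android", body: "" },
  { url: "http://stats.example.net/v1/e", body: "d=" + Buffer.from(DEVICE.imsi).toString("base64") },
  { url: "https://api.carrier.example/register", body: "imei=490154203237518" },
  { url: "http://cdn.example.org/img?size=1024&ts=1311260580", body: "" },
];

for (const hit of scanCapture(CAPTURE, DEVICE, ALLOWED_HOSTS)) {
  console.log(hit.host, hit.findings.join(","));
}
```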

    Dasient also says that while "most mobile malware attacks by trojans have relied on social engineering to encourage users to download them," there is an "emerging class of automated exploits" that resemble what are called "drive-bys" and "which don’t require the user to do anything to get infected when visiting a Web page."

    Daswani will present more details from the firm's findings at next month's Black Hat conference in Las Vegas.

    There are now more than 235,000 programs in the Android Market, according to AppBrain, a website for discovering Android apps.

    The apps studied by Dasient "were chosen at random from 30 different categories of apps in the Android Market," the firm said in its report.

    AppBrain estimates 38 percent of Android apps are "low quality," which of course, is not the same as those that have security issues.

    The site's "low quality app detection filter detects automatically which apps are unlikely to be useful," AppBrain notes. "Google seems to remove apps from the market roughly once a quarter, in which case the total number of available Android apps goes down. The removed apps are almost always classified by our system as low quality apps."

    Dasient says that so far, "most Android malware is not very sophisticated and usually conducts its malicious behavior with little user interaction. On one hand, cybercriminals want users to trigger their malicious application functionality fairly quickly such that they see a high conversion rate of devices infected." But, "On the other hand, Android malware will become much more sophisticated."

    — Via Business Insider


    Check out Technolog, Gadgetbox, Digital Life and In-Game on Facebook, and on Twitter, follow Suzanne Choney.

    6 comments

    Why don't they do the consumer a favor and name the apps they think behave badly, or if it's shorter, publish a list of apps that behave good.

  • 27
    Jun
    2011
    3:28pm, EDT

    Facebook's spam attack incurs collateral damage

    By Helen A.S. Popkin

     

    We love to share stories about innocent Facebook users losing their profiles because they share a name with Justin Bieber or Kate Middleton, or because they're actually an account for someone's dog. Turns out developers — those people who make polls, design apps, or games smaller than Zynga — are also subject to unceremonious exile from the social network.

    "Wath [sic] the hell hapenned?! A lot of my apps simply disapered [sic]!" one commenter in a Facebook developer forum posted, perhaps too frantic to spell check. Given that the writer was posting in a thread titled "WARNING! HONEST application with 8 million users were just banned!" [sic], already filled with similar complaints, a lack of concentration is easy to understand.

    "Over the past couple days Facebook has been shutting down a large number applications due to changes to the automated platform monitoring system," industry blog All Facebook reports. Facebook's mission to control the spammy apps junking up our profile walls turned into a scorched earth campain, it seems. After receiving complaints from Facebook developers, All Facebook found that along with smaller developers, larger apps that were — at least momentarily — disabled included Good Reads, Photo Effect and Social Interview.

    "We turned on a new enforcement system yesterday that took user feedback much more heavily into account," a Facebook engineer wrote in part, acknowledging the problem on a Hacker News forum, "My apologies for the suddenness of the action. The numbers were high enough to cause a real loss of trust in applications, which can impact the entire platform. Where we have failed is not providing enough feedback about negative engagement metrics to developers before needing to take this action."

    Good Reads, a popular app that provides book suggestions and shares what your friends are reading, has since been reinstated, as have others. We asked Facebook for the number of apps disabled and/or reinstated, and got this familiar email comment instead:

    "Over the past year, we've worked hard to improve our automated systems that catch spam and malicious behavior on the platform. These systems allowed us to cut spam on the platform by 95 percent in 2010, greatly increasing user satisfaction and trust with apps on Facebook.  Recently, we started getting a lot of user feedback, spiking significantly over the past week, on the amount of application spam people are seeing in their feeds and on their walls. As a result, we turned on a new enforcement system yesterday that took user feedback much more heavily into account. This resulted in a number of applications with high negative user feedback being disabled or having certain features disabled. We've posted a link for developers where they can appeal if they feel they've been disabled in error. Also, we're working on new analytics to help developers better monitor negative user feedback to prevent a spike like this in the future."

    Meanwhile, on the Facebook developers forum, complaints continue to roll in. "My app disapeared [sic] yesterday after 6 months of perfectly normal operation," one developer posted. "We have been working hard with this app for the last 12 months. It is a local success. People talk about the game. We don't understand what we did wrong. We spent thousands of dollars for the application development. Its [sic] not fair being banned without an [sic] single warning." 

    Facebook app developers: They're just like us!


    Helen A.S. Popkin goes blah blah blah about the Internet. Tell her to get a real job on Twitter and/or Facebook. 

    

    2 comments

    "... turned into a scorched earth campain, it seems." "Facebook app developers: They're just like us!" Yep -- at least in spelling (campaign, in case you missed it again) -- surely a spell checker would have caught that?

  • 31
    May
    2011
    2:53pm, EDT

    'Funniest condom commercial' is Facebook spam scam

    via Sophos

    By Helen A.S. Popkin

    Just as any health care worker can tell you there's no such thing as 100 percent "safe" sex, every Facebook user should know there's no such thing as "safe" clicking. And if abstinence is not an option for you on either of these activities, the best you can do is educate yourself on possible risks. How appropriate then is the Facebook scam du jour, "The World Funniest Condom Commercial — LOL" currently infecting Facebook profiles all over the social network.

    "The messages are spreading through a clickjacking scam (sometimes known as likejacking) which means that users do not realize that they are invisibly pressing that they 'Like' the video when they try to play it," Sophos reports. Appropriately enough, "the scam appears to be being perpetrated by the same gang who have been successfully spreading a 'Baby born amazing effect' scam over the last several days."

    Clickjacking is one of the ways spam is spread around Facebook. Clickjackers trick you into accessing links and/or "Like" buttons by hiding the code underneath content that piques your interest — such as "OMG! CNN CONFIRMS OSAMA BIN LADEN ALIVE" or that video of that thing Justin Bieber did to that girl that "YOU WON'T BELIEVE!"

    As with most clickjacking spam, "The World Funniest Condom Commercial — LOL" offers multiple tip-offs, such as the apostrophe "s" missing at the end of "World," the use of "LOL," and the use of sex as bait. Note: Most spam scams on Facebook cover three no-fail topics: Sex, death and Justin Bieber.

    Fail to pick up on these clues and click to see "The World Funniest Condom Commercial — LOL" and you've also inadvertently "Liked" the link, spreading it to your now-annoyed Facebook friends and family. Unlike many spam scams on Facebook, however, you are rewarded with an Argentinian condom commercial, though you can see it on YouTube right now without getting unfriended. And SPOILER ALERT! It is not the funniest condom commercial in the world. That would be this one.

    As Sophos points out, Facebook recently announced security updates to help alert users to clickjacking scams via automatic prompts to confirm whether you actually want to "Like" what you're about to click, thus adding it to your Likes and Interests and spamming your friends. These updates haven't yet proved effective, and since scammers are always looking for a way in, it's important to stay vigilant if you want to avoid annoying your friends.
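
The site-side counterpart to that vigilance, as an added example that is not from the article, Sophos or Facebook: a page that should never be embedded can tell browsers to refuse framing, which removes the invisible overlay that clickjacking depends on. The function names and sample header values are constructed; a widget that is meant to be embedded on other sites, such as a Like button, cannot send these headers, which is why a confirmation prompt is the mitigation described above.

```javascript
// Added example: decide from response headers whether a page can be loaded
// inside another site's (possibly invisible) frame, the setup clickjacking needs.
// Function names and header values are constructed for illustration.

// Parse one Content-Security-Policy value into directive -> source list.
function parseCsp(value) {
  const directives = new Map();
  for (const part of String(value || "").split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first occurrence wins
  }
  return directives;
}

function classifyAncestors(sources) {
  // 'none' only counts when it is the sole source.
  const real = sources.map(s => s.toLowerCase()).filter(s => s !== "'none'");
  if (real.length === 0) return "blocked";
  // "*" or a bare scheme such as "https:" lets any site be the parent frame.
  if (real.some(s => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) return "frameable";
  if (real.every(s => s === "'self'")) return "same-origin";
  return "allowlist";
}

function assessFraming(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing header counts; the -Report-Only variant blocks nothing.
  const csp = parseCsp(h["content-security-policy"]);
  if (csp.has("frame-ancestors")) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    return { verdict: classifyAncestors(csp.get("frame-ancestors")), decidedBy: "csp" };
  }
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { verdict: "blocked", decidedBy: "x-frame-options" };
  if (xfo === "SAMEORIGIN") return { verdict: "same-origin", decidedBy: "x-frame-options" };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it protects nothing.
  return { verdict: "frameable", decidedBy: "none" };
}

// Constructed header sets for four hypothetical pages.
const SAMPLES = {
  "settings page": { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
  "legacy page": { "X-Frame-Options": "sameorigin" },
  "report-only": { "Content-Security-Policy-Report-Only": "frame-ancestors 'none'" },
  "conflicting": { "X-Frame-Options": "DENY", "Content-Security-Policy": "frame-ancestors https:" },
};

for (const [name, headers] of Object.entries(SAMPLES)) {
  const r = assessFraming(headers);
  console.log(name + ": " + r.verdict + " (decided by " + r.decidedBy + ")");
}
```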

    In review, here are some things we can safely assume you won't see via Facebook: Osama bin Laden's corpse, that video of that thing Justin Bieber did to that girl or what happened when that girl's dad walked in on her, an app that reveals who has been looking at your profile or what you'll look like when you're old, and an authentic message from Facebook WRITTEN IN CAPS LOCK.

    If you do fall victim to clickjacking — hey you're only human — here's what to do:

    • Remove any content the rogue app may have posted on your Facebook wall.
    • Go to the Account Settings drop-down menu in the upper right side of your screen.
    • From the Account Settings drop-down menu, choose Privacy Settings.
    • On the bottom right side of the Privacy Settings Page, click the Apps & websites link "Edit your settings."
    • On the App page, next to "Apps you use," select edit settings.
    • There you will see the third-party apps that have access to your Facebook profile. Delete any rogue applications. (It's a good idea to check this setting regularly, anyway.)
    • Now, send an apology to all your Facebook friends who may have been tagged, and advise them to do the same.


    1 comment

    hey...that's 'downtown Bette-Anne', I wondered what she was doing... girl's still looking good!

  • 16
    May
    2011
    12:25pm, EDT

    Don't click! Facebook 'Dislike' button is a fraud

    via FB scam

    Ain't happenin'

    By Helen A.S. Popkin

    Facebook does not offer a "Dislike" button, and no matter how many "Dislike button" Facebook page petitions you "Like," how many chickens you sacrifice and how many birthday candles you waste, there likely will never be one. 

    Think about it.

    "Dislike" just doesn't fit with the Facebook credo, which is about social connections and promoting things. It doesn't work like YouTube, where you're rating one thing — videos — with a thumbs-up or down. Facebook wants everyone — including and/or especially product pages — to have a thumbs up experience. And let's face it: You people can't be trusted. Give the unwashed Internet masses the ability to "Dislike" something, and most assuredly things will get ugly fast.

    Problem is, lots of Facebook users don't think about it. And so, the Facebook "Dislike" button scam, so popular in Sept. 2010, is back in fashion, tricking those blinded by hope into fouling up the walls of their Facebook friends with annoying spam.

    Sophos reports:

    Like the "Preventing Spam / Verify my account" scam which went before it, the scammers have managed to waltz past Facebook's security to replace the standard "Share" option with a link labelled "Enable Dislike Button".

    The fact that the "Enable Dislike Button" link does not appear in the main part of the message, but lower down alongside "Link" and "Comment", is likely to fool some users into believing that it is genuine.

    Clicking on the link, however, will not only forward the fake message about the so-called "Fakebook Dislike button" to all of your online friends by posting it to your profile, but also run obfuscated Javascript on your computer.

    You know the old saying: Those who don't remember Facebook spam scams are destined to annoy their friends. 

    via Sophos

    It's a trap!

    Facebook says it's working with major Web browsers to fix the security holes that allow malicious apps to slip into the social network. Last week, Facebook rolled out security updates to help clean up the site. But common sense can go a long way towards not annoying your friends, too.

    Consider the case of the "Dislike" button which you're asked to click to install.

    When was the last time you had to install a Facebook update? You can enable or disable, opt out or opt in by checking boxes in your account settings. But whenever you have to "accept" an application, you're giving permission to a third party, not Facebook.

    Scammers (both on Facebook and IRL) repeatedly trick users by offering something that appeals to our overwhelming curiosity and/or vanity. If the President of the United States says he's not going to show you pictures of Osama bin Laden's corpse, your next best bet is Wikileaks, and not a Facebook app.

    Further, no Facebook app can show you who's been "stalking" your profile — that's against Facebook's Terms of Service. 

    Other things you'll never see on Facebook? Let's review: That video of that thing Justin Bieber did to that girl, what happened when that girl's dad walked in on her and an authentic message from Facebook WRITTEN IN CAPS LOCK.

    Oh!

    And if you want to see what you'll look like when you're older? Wait.

  • 13
    May
    2011
    1:59pm, EDT

    Beware of fake Google Music invites

    Google

    By Suzanne Choney

    Excited about Google Music, the recently announced free streaming service? A lot of folks are — and others are looking to take advantage of that enthusiasm by trying to get you to hand over your personal data on the basis that they'll give you what's needed to get started with Google Music.

    If you get any such "offers" via email or text message or carrier pigeon, know that they're bunk. Google Music, in beta or test mode, is being offered by Google on an invite-only basis to those in the U.S., but that's it. It's not being offered by anyone else, period. You can go to this Google site to request an invite.

    As website Mashable said Friday:

    The beta doesn’t let current users give out invitations to their friends, so no one has spare invites to give you. That includes Mashable writers, your friends online, and any website claiming to be giving away Google Music invites.

    Any person or website claiming to be “giving away” Google Music invites is lying, a fact we’ve just confirmed with Google representatives. Because of the way invites are handed out, they’re linked to specific Google Accounts. In other words, one person can’t request an invite and pass it on; the invite has to be requested and accepted by the same Google Account.

    So far, we’ve seen all kinds of scam and spam out there around Google Music, from CPA surveys to data gathering apps that prompt you to enter personal information. We should be more surprised at the alacrity of these scam-hounds, but with every great product comes great potential for fraud. Free iPod, anybody?

    As msnbc.com's Athima Chansanchai wrote earlier this week, "Once an invitation has been issued, Music Beta will be accessible to those with Gmail logins. Users will add their own music from their computers to the Google cloud."

    Just be sure that when it comes to Google Music, the tunes may be in the clouds, but your head should not be.


    1 comment

    That's nice for the instant that news came out, but at some point, probably soon, Google WILL allow people to invite their friends, since that's how betas work.

Suzanne Choney

is a contributing writer and editor for msnbc.com. She formerly was personal technology editor at The San Diego Union-Tribune, and a news and feature writer and editor. She really likes shiny tech toys, but is more fascinated by how other people use them and how technology is changing our lives.

Helen A.S. Popkin

Technotica columnist/technology and science editor Helen A.S. Popkin would obsess about Facebook, chimps, Twitter, net neutrality, canine evolution and that one wicked awesome YouTube video even if it wasn’t her job. Also, Shark Week. Follow her on Twitter at @HelenASPopkin or Friend her on Facebook. All the kids are doing' it! What are you, chicken?

© 2012 msnbc.com