FANDOM


FBHole is a worm commonly spotted on Facebook. Currently, it doesn't seem to be doing anything else than posting a message to people's Facebook walls.

The message that the worm posts is "try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]"

If the user follows the link, they end up on a page that looks like this:

The page shows a fake error message. If the user clicks anywhere on the page, it will trigger a script that will try to post the same message to the user's Facebook wall. This is done with an invisible iframe that follows the user's mouse around — causing them to click on an invisible "publish" button. Asides from the wall message post, nothing else happens.

The worm spreads rather quickly. To get some idea, try this public search via youropenbook.org

We have blocked domain fbhole.com so that F-Secure Internet Security users cannot access it. The domain was registered yesterday and it points to an IP address in Czech Republic, shared by another Czech site called ironbrain.net.

The domain fbhole.com shared an IP address with ironbrain.net [82.208.32.99]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.