FBHole is a worm commonly spotted on Facebook. Currently, it doesn't seem to be doing anything else than posting a message to people's Facebook walls.

The message that the worm posts is "try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]"

If the user follows the link, they end up on a page that looks like this:

The page shows a fake error message. If the user clicks anywhere on the page, it will trigger a script that will try to post the same message to the user's Facebook wall. This is done with an invisible iframe that follows the user's mouse around — causing them to click on an invisible "publish" button. Asides from the wall message post, nothing else happens.

The worm spreads rather quickly. To get some idea, try this public search via

We have blocked domain so that F-Secure Internet Security users cannot access it. The domain was registered yesterday and it points to an IP address in Czech Republic, shared by another Czech site called

The domain shared an IP address with []. hosted a website with references to Facebook but no obvious illegal content. While was registered with privacy protection, had contact information in the WHOIS database, complete with a Czech phone number.