Facebook is a terrific tool for anyone who likes to communicate with their friends, family and business contacts. But it is not devoid of people who have bad intentions. Certain members are using Facebook as a place to steal your private information. These attacks are seen overtly through friend wall posts, status updates, fake links… Hackers use currently use automated robots (aka Bots) to take your username and password and cause problems for you with other accounts by using your associated email account (if your password is the same or the name of the dog or cat you often mention within Facebook).
Today there is a new kind of Facebook exploit recently discovered, that quietly takes advantage of your private information and inserts it into hidden places within photographs, and then passes that information throughout the entire Facebook “ecosphere” through photo sharing features. What this means to your private information is it can be inserted into a hidden section of a photograph, and passed to other parts of Facebook for future social engineering, or identity theft. An article describing this behavior:
The malware first gets on your computer the way any other malware does: one clicks on a fake link or opens up an email. The clever part of Stegobot is the use of social networks to send the data to the botmaster. When one of your friends looks at your profile, Stegobot takes whatever information it stole and adds it to a photo. Since Facebook downloads files in the background — no clicking on them required — the user won’t see it happening. The stolen data can then be retransmitted via the social network until it eventually reaches the botmaster.
The full article is here…