According to Rob Rachwald, director of product marketing at Fortify Software, Facebook, MySpace and other social networking sites are created in such a way that they can be used by "unsophisticated" consumers with little IT knowledge. However, this also means users are more likely to click on a link that leads to malware.
"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites," Rachwald told Vnunet.com.
"This exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able to stage these attacks, and not just professional hackers."
"Had Facebook and MySpace required Aurigma to provide proof of a code audit before sourcing the plug-in, this latest security issue could have been avoided," he added.