A new Facebook “virus” combines a number of security threats together, some of which apply to Mac users and some of which don’t. As reported by USA Today and many other publications, there are actually two different but similar attacks. Here’s how they work:

1. (1)Previously-compromised Windows machines, acting in botnets, send out massive waves of phishing emails that look like they came from Facebook. (Yes, it is quite a vicious circle these days, with compromised Windows machines leading to more and more attacks and compromised Windows machines. Thanks a lot Microsoft!)
   

2. (2)The phishing emails convince naive Facebook users (nearly a tautology) to go to a fake site that looks like the real Facebook pages. Users enter their Facebook password, thus giving the attacker full access to their real Facebook account. Mac users are just as vulnerable to phishing attacks of this sort as anyone else. (Just as much as Microsoft, Facebook is also responsible for the success of these attacks, since they actually encourage their users to click on links in emails that appear to be from them).
   

3. (3)The fake site then also instructs the user to install and run a trojan horse that will sit in their machine and look to steal their banking information. This very evil trojan horse is currently a Windows-only application (but a similar one in theory could run on the Mac).
   

Social networking sites like Facebook and Twitter are become more popular, and more and more novice users are signing up. Combine these facts with the more established companies like Microsoft and Apple really focusing on security, and you can see why these types of attacks are becoming more and more a sign of the times.