If you see a message in your Facebook inbox which says “Visit atomclub.be” or “Look at dynasale.be” make sure you delete the message without visiting the site mentioned in it.

Few domains that are known to be used in the attack so far are.. www.151.im, www.121.im, www.123.im, areps.at , kirgo.at, atomclub.be,  dynasale.be, etc..

Facebook is trying to clear the mess up by deleting messages with any of the above mentioned or any suspicious domains. As the compromised accounts are being used to spread this attack across the network, Facebook is also resetting passwords of the accounts that are compromised.

Users can easily follow the steps in the email received from Facebook to reset their passwords and gain access to their accounts.

As expected the attack is not spreading virus at the moment it’s just phishing for login information and probably personal details mentioned on your profile.

So next time you see a message on your facebook profile asking you to visit some weird URL, be careful, make sure you do not use your Facebook login credentials anywhere else but on Facebook.com