Persistent XSS Vulnerability in Facebook

A JavaScript spam trick is circulating on Facebook, resulting in spam messages being posted from many user accounts. First reported yesterday by Internet security researchers at GFI Software, the persistent cross-site scripting (XSS) vulnerability still remains unpatched as of this writing.
So, what happened? An attacker has discovered an XSS vulnerability that can be used to inject JavaScript through specially crafted Facebook application pages. Normally such script would be removed by Facebook's filters before the page is shown to the user, but in this case it slips through. The malicious script is then executed in the context of Facebook.com, which lets it make requests under the user's session: the browser attaches the user's Facebook cookies to anything the script requests, so it can post messages as that user without any credentials of its own. Keep in mind that this happens before the application asks for any permissions. Visiting the page while logged in to Facebook is enough to start it, which is normally the case when a user follows a link from a new message.
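The filter-bypass mechanism described above, as an added example that is not part of the original article and not Facebook's code: a hypothetical single-pass, case-sensitive `<script>` stripper stands in for the kind of blacklist filter that crafted markup slips past, beside the output encoding that neutralises the same inputs. The payloads are constructed for illustration only; the article does not publish the one used against Facebook, and the `/me` path in the event-handler payload is an assumed placeholder, not a real endpoint.

```javascript
// Added example (not from the original article or from Facebook).
// Contrasts a hypothetical blacklist-style filter with output encoding to
// show why "remove the script tag" lets crafted markup through while
// encoding every markup character does not.

// Hypothetical naive filter: strips a literal, lowercase "<script>...</script>"
// in a single pass. This is an assumed stand-in, not any real site's filter.
function naiveStripScript(html) {
  return html.replace(/<script>[\s\S]*?<\/script>/g, "");
}

// Hardened approach: encode every character the browser could read as markup.
// Nothing in the output can open a tag, so no tag or handler can execute.
function htmlEncode(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Test heuristic only (not a sanitiser): does the string still contain a
// script tag, or an element with an inline on*= event handler?
function containsActiveContent(html) {
  return /<script|<\w+[^>]*\bon\w+\s*=/i.test(html);
}

// Constructed payloads for illustration. The last one shows why a stored
// XSS runs "under the user's session": a same-origin fetch() from the page
// carries the user's cookies automatically. "/me" is an assumed placeholder.
const PAYLOADS = [
  "<script>alert(document.cookie)</script>",           // trivial case, caught
  "<SCRIPT>alert(1)</SCRIPT>",                         // case variation, missed
  "<scr<script></script>ipt>alert(1)</script>",        // inner tag removed, outer one reassembles
  '<img src=x onerror="fetch(\'/me\')">',              // no script tag at all
];

// Run every payload through both defences and report what survives.
function evaluateFilters(payloads = PAYLOADS) {
  return payloads.map((p) => ({
    payload: p,
    passesNaive: containsActiveContent(naiveStripScript(p)),
    passesEncoded: containsActiveContent(htmlEncode(p)),
  }));
}

for (const r of evaluateFilters()) {
  console.log(JSON.stringify(r));
}
```

The single-pass stripper only catches the textbook payload; case changes, nested tags that reassemble after one removal, and handlers on ordinary elements all survive it, whereas encoding the output leaves nothing the browser can interpret as markup.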
Mar 10, 2011

Norton Safe Web for Facebook helps protect you and your computer
Aug 15, 2010
It's FREE. It's effective. And it makes your experience on Facebook safer. The Norton Safe Web for Facebook application scans your News Feed and identifies URLs containing security risks such as phishing sites, malicious downloads and links to unsafe external sites. With this application, you can easily see which links in your News Feed are unsafe for you or your friends to click on. From the scan results page you can click through to view the detailed site rating analysis on the Norton Safe Web site (http://safeweb.norton.com/).
To take advantage of this feature, click the "Enable Auto-Scan" button on the scan summary page to have Safe Web check your News Feed for malicious links every hour and notify you if unsafe links are found.
Facebook Bieber Fans Targeted by Scammers Again
Scammers are trying to exploit the millions of Justin Bieber fans using Facebook by making false claims about their idol in order to lure them onto rogue pages.
The fake messages being posted by users who have already fallen victim to this scam read: "OMG Justin Bierber trying to flirt, check it out http://tiny.cc/[censored]".
The tiny.cc link takes users to a rogue Facebook application page which displays a big button reading "Justin Bieber going crazy! Click to see".
