Yes, Gil, I too was simply shocked.. shocked I say! I can't tell you how many people I've helped get their Facebook accounts back from hackers. Usually a simple change of password does it, but in her case the hacker actually got into her Hotmail account and trashed it plus was carrying on Facebook conversations with other family members. It was very creepy.
Mary, there are a gazillion variations of this virus, so it's pointless to look for a specific one. It's been around for several years.
What happens is hackers use brute force tools to scan accounts for passwords. unfortunately many people use the same password for Facebook and their e-mail. Once they get into your e-mail they use that address to send out piles of spam. Of course they have access to your address book as well. Forwarding nasty stuff to everybody you know.
As Drac said changing the password in your Facebook is the easiest way to shut them out. A problem arises when the theives get into your account they can change your password keeping you out.
It is a royal pain but you should use a different password for every account and DO NOT KEEP PASSWORDS ON THE PC.
AND NEVER EVER USE A PASSWORD SAVER THOSE INTRUSIVE BROWSERS OFFER, that is askingfor trouble.
How easy is it to brute force a password?
This password for instance john1422
Will take a brute force effort using
Offline Fast Attack Scenario (a hacking tool)
29 seconds to find
Using the Massive Cracking Array Scenario
it would take 0.029 seconds
This password JoHn*!4@2!aA!
Will take (Offline Fast Attack Scenario hacking tool
1.65 hundred thousand centuries to crack
The Massive Cracking Array Scenario tool
1.65 hundred centuries to crack
Steve Gibson a security expert has designed a free utility allowing you to design passwords reporting how long it will take using various tools to crack
You can create passwords and test them to see how secure they are
It is a great tool and of course you use the tool anonymously
Here is the tool Password Haystack
For those of you who do online transactions of any kind, banking, purchasing etc here is a way to verify the security certificate of the site is legitimate and you are on the right site. This little puppy is worth it's weight in gold. Again this is Gibson at work.
There is a long article explain why Mr Gibson built this tool. You simply paste the URL onto his fingerprinter and his site will tell you what the correct certificate id is for that site. You compare that to what your browser reports the certificate id is for that site.
He gives you directions how to read the certificate for several browsers. It seems location of the certificate varies between different browsers. Gibson-Certificate Fingerprinting