This image was lost some time after publication.

Facebook CEO Mark Zuckerberg should be relieved to learn that someone is at last "leveraging the social graph," as he might put it, for financial gain. Problem is, it's not Facebook. It's hackers pulling a phishing scam. A tipster tells us his friends at Facebook are busy fighting a virus that tricks a user into opening "a YouTube phishing site," delivered in the form of a Facebook message from one of the user's Facebook friends.

You get a Facebook message from a friend, urging you to check out this video. You go there, and it's a YouTube phishing site (with your friend's facebook profile picture and name on it), which then urges you to update your Flash player. Don't do it — it fucks up your computer and then spams all your Facebook contacts (not sure exactly how it does that). But it's interesting that hackers are now using a supposedly "trusted" messaging platform such as Facebook to launch attacks

If the hackers' method sounds familiar — a third party attempts to get a user to click based on what looks to be the endorsement of a friend — that's because Facebook tried the same idea with Beacon last year. And it's trying it again with Engagement Ads, a new format coming this fall.