The users of the social networking site can post comments on their friends’ profiles, an excellent opportunity for spammers to launch their annoying messages, directing visitors to typical spam sites, like online "pharmacy" shops.

However, this time the deceptive messages posted on Facebook do not come only from spam bots. According to a study conducted by security firm Fortinet, the Facebook spammers prefer to use genuine profiles on the site to post the messages.

The security firm points out that the profiles in question have been obtained via phishing attacks. Given the fact that a phishing worm was reported spreading itself on Facebook earlier this year, one might wonder if the two incidents aren’t related.

The stolen accounts are currently sold or rented to spammers, who can safely deploy their messages without the fear of facing any consequences.