Hackers have been giving Facebook internet security fits recently. The second loophole discovered in a week exposes the social network's vulnerability to automatically posted links.
Now, spam can be spread throughout the social network just by a user clicking a malicious link. Once the link is clicked, the spam automatically appears on the user's profile wall. The spam also shows up in the user's status message and on the walls of friends.
Previously, spam needed "some social engineering to spread," according to Facebook.
"A clever spammer has discovered a Facebook vulnerability that allows for auto-replicating links," said Sean Sullivan, a security researcher.
The links claimed to award users free Best Buy and Wal-Mart gift cards for completing a marketing poll.
The previous week, Facebook was forced to address a problem with its photo uploading service. That loophole allowed a spammer to spread thousands of unwanted messages.
Ping, Apple's new social network attached to iTunes 10, also experienced recent difficulties with spam. Within a week of its launch, Apple was forced to quickly clean up spam that flooded artist pages.