Facebook Compromised: Uses CSS-Files From Identified Phishing Site

*Edit: It’s a false alarm. The CSS files that were included belonged to Facebook, but apparently the domain they reside on (fbcdn.net) got tagged as “Phishing Site”. The notifications are gone from FireFox & Google’s Chrome.

It seems as if Facebook has been compromised, and is serving several .CSS files that have been identified as “Phishing Sites“.

Google Chrome users will see a message, similar to this one (but probably in their own language).

Facebook Phishing


There seems to be some malicious JavaScript code on the homepage, as well as several very weird .CSS includes (careful when you try to load these!).

<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/<INSERT RANDOM GIBBERISH CODE HERE>.css" />

The .CSS files are loaded from a static website: http://static.ak.fbcdn.net/
The main domain, http://fbcdn.net/, is already reported. Both links will alert FireFox & Chrome users of the Phishing Site.

If you want to see the source code, I suggest you browse to Facebook with Google’s Chrome, and upon seeing the message shown above press the shortcut “CTRL + U” (View Source). This trick doesn’t work in FireFox.
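To see which included files would trip such a warning without reading the source by hand, here is an added example (not code from the original post) that lists a page's automatically loaded subresources and flags those hosted under a listed domain. The sample HTML, the placeholder paths and the `BLOCKLIST` set are constructed, and the domain-suffix match is a simplification of how browser blocklists actually match URLs.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample modelled on the <link> tag quoted above; paths are placeholders.
SAMPLE_HTML = """
<html><head>
<link type="text/css" rel="stylesheet"
      href="http://static.ak.fbcdn.net/rsrc.php/PLACEHOLDER.css" />
<link rel="stylesheet" href="/local/style.css" />
<script src="http://www.facebook.com/PLACEHOLDER.js"></script>
</head></html>
"""

# Hypothetical blocklist: the post names fbcdn.net as the reported domain.
BLOCKLIST = {"fbcdn.net"}


class SubresourceCollector(HTMLParser):
    """Collect URLs the browser fetches on its own while rendering the page."""

    ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.urls.append(value)


def host_is_listed(host, blocklist):
    """True if host is a listed domain or a subdomain of one (label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in blocklist)


def flagged_subresources(html, blocklist):
    """Return (host, url) pairs for subresources served from listed domains."""
    collector = SubresourceCollector()
    collector.feed(html)
    hits = []
    for url in collector.urls:
        host = urlsplit(url).hostname  # None for relative URLs (same origin)
        if host and host_is_listed(host, blocklist):
            hits.append((host, url))
    return hits


if __name__ == "__main__":
    for host, url in flagged_subresources(SAMPLE_HTML, BLOCKLIST):
        print(f"listed host {host}: {url}")
```

Because a listing on the parent domain covers every subdomain, a single entry for a shared CDN domain is enough to put a warning on every page that includes files from it, which is what the false alarm here looked like.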


4 Responses to Facebook Compromised: Uses CSS-Files From Identified Phishing Site

  1. Chris Lang says:

    That site is Facebook, it is not a phishing site. Look it up.

  2. Hobbers says:

    I received that phishing warning and the same URL (in English) 5 minutes ago using Google Chrome and ever since I try to use FB.

  3. Matti says:

    It doesn’t get added to those Phishing-site lists without a reason, so I’ll be curious to know what happened.

  4. tayfun says:

    It’s the “content delivery network” of Facebook. They’ve been using this domain for css etc. for some time now, so everything is perfectly normal.

    I don’t know why Chrome would mark it as a phishing site though. Probably some simple fault on their part.
