Security vendor Sophos says Facebook users can relax and stop warning each other about a supposed computer crashing Christmas tree-themed app disguised as a virus since the whole thing is just a hoax.

Thousands of Facebook users have raced in recent days to rescue friends by posting warnings of "one of the WORST Trojan viruses" out there, but Sophos says it has seen no evidence that such a malware-bearing app exists (not that one couldn't be concocted). Sophos says the warnings of this non-existent app actually appear to have traveled faster than past warnings of real threats.

"Users believe they're doing the right thing when they share warnings like this - but unfortunately they haven't checked their facts," writes Graham Cluley, senior technology consultant with Sophos, on the company's blog: http://nakedsecurity.sophos.com/2010/11/22/christmas-tree-app-virus-hoax-spreads-on-facebook/

Cluley also takes a poke at Geek Squad, which is cited by Facebook users as a source warning of the Christmas Tree app. "(S)ince when was Geek Squad a reliable source for information about new malware? Wouldn't you be more sensible to check with an established anti-virus company?"

Cluley notes that there was a real Christmas tree virus back in the late 1980s that did infect machines on IBM's internal network and other networks.

All of this isn't to say Facebook doesn't continue to be a huge hacker target. Facebook flaws that have enabled private chats to go public, among other things, have security watchers like Sophos keeping close tabs on the social network site. Facebook early this year announced a partnership with McAfee in an attempt to clamp down on threats and more recently announced new security features, including support for one-time passwords that can be useful when accessing Facebook accounts from public computers.

(PCW)