Spyware being installed by a Facebook application
I have been predicting this problem for some time, and it has now happened.
There are very few controls on who can create a Facebook application (or widget), and what they can be programmed to do. Also, Facebook users are being trained to accept a collection of permission settings each time they install a new application. The result seemed inevitable — someone would create a nasty application that did bad things.
This article describes how the “Secret Crush” widget installs spyware on Facebook users’ computers without them knowing. This is bad, and it is just the beginning of Facebook application problems.
Facebook Widget Installing Spyware
Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a “Platform Application”) actively spreading on the social networking site which ultimately prompts users to install the infamous “Zango” adware/spyware.
…
As of writing, the widget is already being used by 3% of the Facebook community, which amounts to over one million users – all in a very small time-frame. This demonstrates the effectiveness of the propagation strategy employed by the widget, as well as the potential capitalization on a large user base such as Facebook’s.
Posted: January 3rd, 2008 under Security & privacy.
Comments: 3 |
1,470 views
Comments
Comment from Jessica
Time: January 3, 2008, 6:13 pm
I don’t know about the spyware part, but the social worm portion has been in quite a few facebook apps. There was one a few months ago in which you had to spam your friends – and have them spam other people in order to win an Amazon gift card.
And it seems to me there have been a bunch that “require” you to invite your friends to install. Mind you, on one level I am tempted to keep a mental list of the people who constantly spam me with vampire/pirate/dragon/baby Elder God invites and just invite them. So far I have resisted the temptation, and cancelled out of the apps instead.
My current peeve is the free IQ test which offers a “free detailed report”. The Canadian version sends you on a twisty maze of sponsorship links which don’t seem to end until you give your credit card number for a trial offer at one of them – not my idea of free.
Pingback from Lemmingworks » Andrew Patrick ยป Spyware being installed by a Facebook application
Time: January 4, 2008, 4:32 am
[...] want to offend friends who invite me… which is an interesting form of leverage. But Andrew (who has invited me to speak on Songchild this winter) points out that badness is already [...]
Comment from Andrew
Time: January 7, 2008, 11:13 am
Zango is now stating that they are not installing spyware using this application:
A report from security firm Fortinet that a Facebook application was attempting to sneakily install adware on user’s computers is “completely false,” according to Zango, the company which makes the adware.
http://blog.wired.com/27bstroke6/2008/01/adware-maker-sa.html
It is not clear who to believe.
Write a comment