I have been predicting this problem for some time, and it has now happened.

There are very few controls on who can create a Facebook application (or widget), and what they can be programmed to do. Also, Facebook users are being trained to accept a collection of permission settings each time they install a new application. The result seemed inevitable — someone would create a nasty application that did bad things.

This article describes how the “Secret Crush” widget installs spyware on Facebook users’ computers without them knowing. This is bad, and it is just the beginning of Facebook application problems.

Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a “Platform Application”) actively spreading on the social networking site which ultimately prompts users to install the infamous “Zango” adware/spyware.

As of this writing, the widget is already being used by 3% of the Facebook community, which amounts to over one million users – all in a very short time-frame. This demonstrates the effectiveness of the propagation strategy employed by the widget, as well as how readily a large user base such as Facebook’s can be exploited.

  1. I don’t know about the spyware part, but the social worm portion has been in quite a few Facebook apps. There was one a few months ago in which you had to spam your friends – and have them spam other people – in order to win an Amazon gift card.

    And it seems to me there have been a bunch that “require” you to invite your friends to install. Mind you, on one level I am tempted to keep a mental list of the people who constantly spam me with vampire/pirate/dragon/baby Elder God invites and just invite them. So far I have resisted the temptation, and cancelled out of the apps instead.

    My current peeve is the free IQ test which offers a “free detailed report”. The Canadian version sends you on a twisty maze of sponsorship links which don’t seem to end until you give your credit card number for a trial offer at one of them – not my idea of free.

