15 January 2008 | 12,826 views

The First Reported Facebook Worm/Malware Pops Up – Secret Crush

Check Your Web Security with Acunetix

So facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.

The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe, technically from ZangoCash.com.

It seems like Social Networks are a big target for infections now as the sheer mass of users there means that if the bad guys get a good piece of self-propagating code mixed up with a dose of social engineering they will achieve a massive infection.

The text included to the request entry is “One of Your Friends Might Have a Crush on You!”. Additionally, the buttons are ‘Find Out Who!’ and typical ‘Ignore’. It appears that Secret Crush is not included to Facebook Application Directory (no log-in needed) any more. Reportedly FortiGuard Team has informed Facebook guys and probably the application has been disabled already.

Although the application has been disabled (Good work Facebook) it shows what can happen, and it will happen again that’s a guarantee. This is just the beginning.

Source: Securiteam





                

Recent in Malware:
- Target CIO Beth Jacob Resigns After Huge Breach
- Azazel – Userland Anti-debugging & Anti-detection Rootkit
- The Mask AKA Careto Espionage Malware

Related Posts:
- Yes – We Now Have A Facebook Page – So Please Like It!
- FBController – The Ultimate Utility to Control Facebook Accounts
- Facebook Attachment Uploader Owned By A Space

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,268 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,402 views
- US considers banning DRM rootkits – Sony BMG - 44,914 views

Advertise on Darknet

6 Responses to “The First Reported Facebook Worm/Malware Pops Up – Secret Crush”

  1. Nobody_Holme 15 January 2008 at 1:07 pm Permalink

    The applications system on facebook is a playground. I’ve seen at least 5 that throw badly written code at you when you use them… All of it seems to walk straight into firefox and die, but who knows. scrolling down to the bottom of the page and working up hitting every ignore button you come to (the real one will always be below anything the application generates) works quite well. Meh. social networking is a stupid idea… *wonders why he even uses it*

  2. Sir Henry 15 January 2008 at 2:36 pm Permalink

    I have never understood the draw of facebook (or myspace, for that matter). But, it would seem that both places would be rife with opportunity to infect the users of each. Admittedly, I do use LinkedIn and wonder what types of opportunities are available there. I tend to only get emails for connections, but wonder if someone has been able to work in phishing attempts that would lead to the enumeration of data. Given, there is not much that they could get, but would still be worth investigating.

  3. Darknet 15 January 2008 at 5:33 pm Permalink

    Well I never understood the point of Myspace, it’s all too chaotic and well for lack of a better word – pointless. It doesn’t really map out any relationships or give good ways to find lost friends. I was waiting for something that could replace Friends Reunited as that was never updated, Friendster wasn’t it…thankfully Facebook was. I’ve found people all the way back to Primary School and close friends I’ve lost touch with through moving country that I’ve been able to get back in contact with. I really like Facebook, the way it’s set up, the privacy system and the extendable application API. It’s everything a social network should be for me.

  4. goodpeople 15 January 2008 at 10:03 pm Permalink

    Personally I don’t use sites like facebook, myspace, linkedin, or whatever. I can understand that people use it, but for me it’s just a big waste of time.

    There is one thing funny tho that we all should realize. This online social networking thing works exactly opposite of how it should work if it were in the real world. In the real world you can hide in the safety of a big crowd. Online is different. The bigger the audience, the greater the target.

    There is a lesson to be learned here….

  5. Pantagruel 15 January 2008 at 10:46 pm Permalink

    With the rise of the social networks we will most likely see an increase in malware specifically targeting these kind of sites. Moving about it’s very good on maintaining close contact with friends and social network sites fill exactly that need.
    The phishing opportunities of these communities are superb. Quite some users are freely giving details about themselves/their live style/faimly members/etc making it easy for others to find them and for abusers to get enough info to borrow their identity.
    Again all depends on education and I wonder if facebook ad alikes put a strong emphasis on educating their users about the abuse possibilities they themselves provide.

  6. eM3rC 7 February 2008 at 5:34 am Permalink

    First google, now facebook… I would be willing to bet that eventually there will be one of these viruses that will spread from these social networks to peoples computers allowing a both rapid and wide spread outbreak.

    I agree with the above users about facebook, myspace etc being fairly useless, but I must confess that I use it to keep in touch with my overseas friends.