[ad]
So facebook has finally fallen victim, after the recent Orkut worm now we have malware infection from Facebook, an application called Secret Crush. The application was renamed as My Admirer but that seems to be gone now too.
The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe, technically from ZangoCash.com.
It seems like Social Networks are a big target for infections now as the sheer mass of users there means that if the bad guys get a good piece of self-propagating code mixed up with a dose of social engineering they will achieve a massive infection.
The text included to the request entry is “One of Your Friends Might Have a Crush on You!”. Additionally, the buttons are ‘Find Out Who!’ and typical ‘Ignore’. It appears that Secret Crush is not included to Facebook Application Directory (no log-in needed) any more. Reportedly FortiGuard Team has informed Facebook guys and probably the application has been disabled already.
Although the application has been disabled (Good work Facebook) it shows what can happen, and it will happen again that’s a guarantee. This is just the beginning.
Source: Securiteam
Nobody_Holme says
The applications system on facebook is a playground. I’ve seen at least 5 that throw badly written code at you when you use them… All of it seems to walk straight into firefox and die, but who knows. scrolling down to the bottom of the page and working up hitting every ignore button you come to (the real one will always be below anything the application generates) works quite well. Meh. social networking is a stupid idea… *wonders why he even uses it*
Sir Henry says
I have never understood the draw of facebook (or myspace, for that matter). But, it would seem that both places would be rife with opportunity to infect the users of each. Admittedly, I do use LinkedIn and wonder what types of opportunities are available there. I tend to only get emails for connections, but wonder if someone has been able to work in phishing attempts that would lead to the enumeration of data. Given, there is not much that they could get, but would still be worth investigating.
Darknet says
Well I never understood the point of Myspace, it’s all too chaotic and well for lack of a better word – pointless. It doesn’t really map out any relationships or give good ways to find lost friends. I was waiting for something that could replace Friends Reunited as that was never updated, Friendster wasn’t it…thankfully Facebook was. I’ve found people all the way back to Primary School and close friends I’ve lost touch with through moving country that I’ve been able to get back in contact with. I really like Facebook, the way it’s set up, the privacy system and the extendable application API. It’s everything a social network should be for me.
goodpeople says
Personally I don’t use sites like facebook, myspace, linkedin, or whatever. I can understand that people use it, but for me it’s just a big waste of time.
There is one thing funny tho that we all should realize. This online social networking thing works exactly opposite of how it should work if it were in the real world. In the real world you can hide in the safety of a big crowd. Online is different. The bigger the audience, the greater the target.
There is a lesson to be learned here….
Pantagruel says
With the rise of the social networks we will most likely see an increase in malware specifically targeting these kind of sites. Moving about it’s very good on maintaining close contact with friends and social network sites fill exactly that need.
The phishing opportunities of these communities are superb. Quite some users are freely giving details about themselves/their live style/faimly members/etc making it easy for others to find them and for abusers to get enough info to borrow their identity.
Again all depends on education and I wonder if facebook ad alikes put a strong emphasis on educating their users about the abuse possibilities they themselves provide.
eM3rC says
First google, now facebook… I would be willing to bet that eventually there will be one of these viruses that will spread from these social networks to peoples computers allowing a both rapid and wide spread outbreak.
I agree with the above users about facebook, myspace etc being fairly useless, but I must confess that I use it to keep in touch with my overseas friends.