Rogue Application Exploited Facebook’s TOS to Target its Users
The popular social networking site Facebook has been hit by another malicious application, which posts false notifications on the profiles of the site's members. The notification says that a friend (whose name is taken from the contact list) has reported the recipient to Facebook for violating the site's TOS (terms of service). The message claims that the notification is an official warning and that the recipient must click on a given link to learn why he was reported.
But when users click on the link, they have an application known as 'facebook---closing down!!!' loaded on their computers. This application subsequently sends the same message to all friends of the user.
Reports revealed that the scam is the 2nd one in just one week. During the 4th week of February 2009, several users of Facebook encountered the 'Error Check System', a rogue application that spammed out messages to a member's friends claiming there were problems in viewing their profile.
Security experts state that the principal cause of the problem is that the site allows any visitor to develop an application, and because of this, malicious programs repeatedly pop up on Facebook.
Warning about the risks of downloading Facebook applications, Graham Cluley, Senior Technology Consultant, Sophos, said that it seemed to be a new trick by spammers trying to steal identities in order to build their lists of information on selected targets, as reported by Webuser on February 27, 2009.
Rik Ferguson, Solutions Architect at Trend Micro, an Internet security provider, said that the two similar events within one week certainly imply that Facebook needs to examine its program hosting procedure so that malicious or dubious applications are not allowed to proliferate so freely, as reported by vnunet on February 27, 2009.
However, while attempting to limit the damage from the attack, a Facebook spokesperson said that the company was committed to the security and safety of its users, and so its TOS explicitly state that applications written for the site should not employ spyware or adware, as reported by ComputerWeekly on February 27, 2009. The spokesperson also stated that users downloading programs from Facebook applications must exercise the same caution they would ordinarily use when downloading programs onto their computers.
» SPAMfighter News - 3/9/2009