‘Secret Crush’ Application Installs Adware on Facebook Users
Researchers at Fortinet, the vendor for gateway security, discovered a scheme that distributes adware on the social networking site Facebook. The attack is first of its kind on the widely used online portal.
The application that poses as an authentic expression of a 'Secret Crush' and informs users of Facebook about other participants, who feel attracted to their charm, actually tries to download and install Zango's adware program.
The 'Secret Crush' software tries to entice members who download the program to forward it to other Facebook users on their address list, the research by Fortinet reveals. The malicious 'Secret Crush' application has so far infected 3% of Facebook surfers, more than one million computers, according to the Security Company.
Guillaume Lovet, Manager of Fortinet's European Threat Response Team, said that the 'Secret Crush' is truly a social virus and not any traditional malware that spreads through a maliciously designed code. The worm even manipulates users to forward it to more people, Lovet said. PC World published this, January 3, 2008.
In another statement, Lovet said that people now-a-days are developing 'platform applications' on Facebook to gain profits rather than just have fun out of them, but that does not necessarily indicate that widgets of all kinds are malicious. Vnunet published it on January 3, 2008.
Lovet added that there are honest methods that people could apply on Facebook to generate profits but users need to apply their common sense and ensure protection against scams.
He called for caution on social networking sites that are rapidly becoming dangerous platforms and warned users to be wary and to patch their browsers to avoid risks.
The spread of adware has been fast because people welcome new applications on Facebook after learning to avoid them with respect to e-mail attachments.
According to security research engineer Derek Manky at Fortinet, many new users browsing social networking sites run un-patched computers and Fortinet is beginning to observe cyber criminals' shift from spam to such sites. Wired published this on January 3, 2008.
In 2006, the FTC fined Zango $3 Million for allowing third parties to install its 'Secret Crush' adware without taking users' permission.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 16-01-2008