Davey Winder's Blog

One million Facebook users exposed to Zango worm

By Davey Winder in Editorial

Posted in Blog, Spyware, Facebook, Security, Internet on January 3, 2008 at 11:12 pm


Given the popularity of Facebook applications, those annoying widgets which people in your network naturally assume you will be interested in (even though most are banal even by widget standards), it was only a matter of time before the trend was exploited by those with a less than social motive. And so it is that security threat researchers at Fortinet have uncovered a malicious widget which has already found its way onto the computers of 3% of Facebook users - or a million people, if you prefer.

The Secret Crush application spreads by Facebook users receiving a notification from someone in their network who has already installed the widget, informing them that one of their friends has the hots for them. The wording suggests it might be the friend who sent the invitation, but the only way to find out is to install the application. At this point the plot thickens, because, using an escalation of commitment strategy, Secret Crush will only reveal the identity of your secret admirer once you have invited another five of your friends to install it. According to Fortinet, even after inviting those five friends there is no revelation, only an invitation to download a ‘crush calculator’.

Fortinet examined the page source of the advertising frame that is displayed and discovered it is hosted at zango.com, within the affiliates section. Downloading the application actually leads directly to a copy of Zango, the infamous adware/spyware formerly known as 180Solutions. Download this and, rather than a secret crush, you will find yourself being courted by adverts.
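The check Fortinet describes, reading the page source to see where an embedded advertising frame and its download link really point, is easy to automate. The following is an added example written for this post, not code from Fortinet or from the widget's authors: it parses a page, resolves every frame and link against the page's own address, and flags frames served from a different host and links that lead straight to an installer. The sample page, its host `apps.example.com` and the zango.com paths in it are constructed for illustration and are not URLs taken from the real application.

```python
"""Flag third-party frames and direct installer links on a web page.

Added example for this post. The sample HTML below is constructed; the
zango.com paths are assumptions for illustration, not real URLs.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a hypothetical widget canvas page that embeds an
# off-site advertising frame and links to an installer.
SAMPLE_PAGE_URL = "http://apps.example.com/secret-crush/"
SAMPLE_HTML = """
<html><body>
<h1>Your secret crush</h1>
<p>Invite 5 friends to reveal who has a crush on you.</p>
<iframe src="/invite?step=2" width="300" height="100"></iframe>
<iframe src="http://www.zango.com/affiliates/crush-calculator/" width="468" height="60"></iframe>
<a href="http://www.zango.com/affiliates/download/setup.exe">Get the crush calculator</a>
</body></html>
"""

# File extensions that mean "this link hands the browser an installer".
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".scr", ".dmg", ".pkg")


class FrameCollector(HTMLParser):
    """Collect iframe/frame src values and anchor href values from HTML."""

    def __init__(self):
        super().__init__()
        self.frames = []
        self.links = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "frame") and a.get("src"):
            self.frames.append(a["src"])
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])


def _collect(html):
    p = FrameCollector()
    p.feed(html)
    return p


def third_party_frames(page_url, html):
    """Return (host, absolute_url) for each frame served from a host other
    than the page's own. Relative srcs are resolved against page_url first,
    so a same-origin frame such as /invite is not reported."""
    page_host = urlparse(page_url).hostname
    found = []
    for src in _collect(html).frames:
        absolute = urljoin(page_url, src)
        host = urlparse(absolute).hostname
        if host and host != page_host:
            found.append((host, absolute))
    return found


def executable_downloads(page_url, html):
    """Return absolute hrefs whose path ends in an installer extension."""
    hits = []
    for href in _collect(html).links:
        absolute = urljoin(page_url, href)
        if urlparse(absolute).path.lower().endswith(EXECUTABLE_SUFFIXES):
            hits.append(absolute)
    return hits


if __name__ == "__main__":
    for host, url in third_party_frames(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"third-party frame: {host} -> {url}")
    for url in executable_downloads(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(f"installer link: {url}")
```

Run against a saved copy of a widget's canvas page, the two lists tell you at a glance which hosts the page really pulls content from and whether any link drops an executable on the user, which is exactly the finding above (an advertising frame served from zango.com and a download that is Zango itself).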

Although there is no way of knowing the exact figures, the authors of Secret Crush are likely to be getting a few pence for every download, which, multiplied by a million or two clicks, soon adds up.

Fortinet CMO Richard Stiennon included “malicious Facebook widgets” in his list of security threat predictions for 2008, and it looks like he was right on the money. There seems to be no mechanism in place at Facebook to protect users from this kind of malicious application. Hackers could implement a similar scheme but replacing the Zango IFrame with a drive-by install engine instead.

“Keep in mind that, given the odds, people are likely developing Facebook ‘Platform Applications’ for profit rather than just for fun. Now, this does not mean that all widgets are going to be malicious. As in every business frame, honest ways to generate profits surely exist on Facebook, in exchange for providing a service to users who subscribe to it. However, users must be aware of this, and resort to a blend of common sense and protection gear to avoid being scammed and abused,” advises Fortinet EMEA Threat Response Team Manager Guillaume Lovet.
