Malicious Facebook app does the rounds

3 Mar 2010

The latest security threat to hit Facebook is a malicious application that spreads quickly by enticing users to create their own app that then inadvertently clones one of the template spam applications.

This malicious Facebook application is doing the rounds in the guise of ‘Who is checking your profile?’ or similar, and begins with a link posted onto your Facebook wall by a friend or trusted connection, say Websense Security Labs researchers Erik Buchanan and Jason Pope.

There are other similar apps, including ‘Who Always stalks Your Profile?’ and ‘Who Always Look into My Album??’

Once the user clicks on one of these applications, they have to grant the application extended permissions in order to post messages. While the application will list friends, the list appears to be all of the user's friends or a random subset.

The idea is to give the user both a sense of motivation and a sense of trust, but the most dangerous aspect is that Facebook users are already acclimatised to giving up control of their data to third-party application developers without thinking about the consequences.

“The most important thing for Facebook users to remember is that clicking ‘Allow’ authorises an application, and by doing so you are giving it the proverbial ‘keys to the kingdom.’

“Do not add any applications that you do not trust. You can assess an application’s reputation by clicking on the application name without authorising the application.

“Look at the reviews of the application to see what other users are saying about it. Spam applications typically have reviews stating so,” adds Websense.

By Marie Boran

Photo: A malicious application that entices users to create their own app has hit Facebook