The latest security threat to hit Facebook is a malicious application that spreads quickly by enticing users to create their own app that then inadvertently clones one of the template spam applications.
This rogue app is said to come in many variants of “Who is checking your profile?” and uses an improved technique compared to previous attacks seen on Facebook.
The application is said to trick users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys. This way, with so many clones, it will be harder for Facebook to block the malicious app.
WebSense’s blog says, “The attack starts with a friend, whom you trust, posting a link on your wall, asking you who is checking your profile. It also entices you by telling you that your friend is viewing your profile.”
Fake “who view your profile” applications have come and gone many times on Facebook. So this rogue app is said to ask users to create their own Facebook application, which I suppose will seem like a cool thing to most people. When the user enters their application’s API and application secret, the new application is used to clone one of the template spam applications, each with a different name and icon to entice users.
Some other malicious applications (which might be the clones) are: Who Block me?, Who is in your mind?, Who stalks your profile?, Who Always Look into My Album??, etc. Well, they all really look enticing, right?
Most fake apps are reported as such by users on the application page. So it is always good practice to check the application page and read the reviews, rather than just clicking “allow” and giving control to the application.
Applications of the “who view your ….” type are not to be trusted, neither today nor in the days to come. Facebook policy doesn’t allow apps with such capability. So never trust such apps, spread the word and keep your online community safe.
[For more details and screen shots, check out the source: WebSense]
