Warning as rogue Facebook apps steal log-in data

Elinor Mills CNET News

Published: 20 Aug 2009 09:47 BST

Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing log-in credentials and spamming victims' friends.

So far, six malicious applications have been identified — Stream, Posts, Your Photos, Birthday Invitations, Inbox (1) and Inbox (2) — according to a blog post by Trend Micro researcher Rik Ferguson.

As of Wednesday afternoon, all of the apps were live except for Stream, he added.

The activity started earlier in the week with a Facebook notification Ferguson said he got from an app called 'sex sex sex and more sex!!!', which has more than 287,000 fans. The notification said someone had commented on one of his posts. That app does not appear to be malicious and may have been compromised somehow to begin the distribution of the spam, Ferguson said.

The first notification included hyperlinks that led to a phishing site on the fucabook.com domain, a lookalike of facebook.com allegedly registered to someone in Armenia, he said. Once Ferguson entered his credentials (from a Facebook account he uses for research purposes), he was redirected back to Facebook, to an application install screen for an app called Posts.

He installed the app and his friends were spammed immediately with a bogus notification 'Profile_name has sent you a message', with a hyperlink to the phishing site.

On Tuesday, the first couple of apps sent notifications that hyperlinked to the fucabook phishing site, but by Wednesday the destination had changed to a bare IP address rather than a domain name, Ferguson said. JavaScript on that page loads Facebook and redirects the browser to the install screen of any one of the six rogue apps, so each new victim installs one, spams their own friends, and the cycle continues, he said.

All the apps look and act exactly the same and include ads.

"I am keeping Facebook informed of these developments as they arise and they are working hard to rectify the situation," Ferguson wrote on his blog.

A Facebook spokeswoman said the company was looking into the matter and would provide more comment later.

Ferguson recommends that internet users check the URL displayed in the browser address bar before entering any sensitive information on a site, and hover the mouse over a hyperlink to see where it really points before clicking it. Facebook users should also review their privacy settings regularly and delete any applications they no longer use, he said.
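The advice above is to do two checks by eye: is the host in the address bar really the site you expect, and does a link's visible text agree with where its href actually goes. The following is an added example, not code from the CNET article, from Trend Micro or from Facebook, that automates both checks in a way you could wire into a link-hover warning or a mail/notification filter. It runs under Node.js with only the built-in URL class; the sample links, the IP address 203.0.113.5 and the example.net host are constructed for illustration, while the fucabook.com lookalike and the bare-IP destination mirror what the article describes. The function names and the two-edit lookalike threshold are this example's own choices.

```javascript
// Added example, not code from the CNET article or from Trend Micro: a
// link-target check of the kind Ferguson recommends doing by eye.
// Runs under Node.js; the URL class is built in. Sample hrefs are
// constructed; the lookalike domain and bare-IP destination mirror what
// the article describes.

const EXPECTED_SITE = "facebook.com"; // the site whose log-in form we are about to fill in

// True for dotted-quad IPv4 literals such as "203.0.113.5".
function isIpv4Literal(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
}

// Levenshtein edit distance, used to spot lookalike names such as
// "fucabook.com", which is two edits away from "facebook.com".
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Classify where a hyperlink really goes. Returns { ok: true, host } when the
// host is the expected site or a genuine subdomain of it, otherwise
// { ok: false, host, reason }.
function checkLinkTarget(href, expectedSite = EXPECTED_SITE) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return { ok: false, host: null, reason: "unparseable URL" };
  }
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { ok: false, host, reason: "unexpected scheme " + url.protocol };
  }
  // The article notes the phishing destination moved from a domain name to a
  // bare IP address; a log-in page served from an IP literal is a red flag.
  if (isIpv4Literal(host) || host.startsWith("[")) {
    return { ok: false, host, reason: "bare IP address instead of a domain name" };
  }
  // Match on a label boundary so "facebook.com.example.net" and
  // "notfacebook.com" do not pass as subdomains.
  if (host === expectedSite || host.endsWith("." + expectedSite)) {
    return { ok: true, host };
  }
  // Compare the last two labels against the expected site to catch
  // typo-squats. Simplification: real registrable-domain handling needs the
  // public suffix list (co.uk and friends).
  const lastTwo = host.split(".").slice(-2).join(".");
  if (editDistance(lastTwo, expectedSite) <= 2) {
    return { ok: false, host, reason: "lookalike of " + expectedSite };
  }
  return { ok: false, host, reason: "host " + host + " is not " + expectedSite };
}

// A link's visible text can name one site while its href points elsewhere,
// which is exactly what hovering over the link is meant to reveal. Flag the
// mismatch when the text itself looks like a host or URL.
function checkAnchor(text, href, expectedSite = EXPECTED_SITE) {
  const target = checkLinkTarget(href, expectedSite);
  const m = /^(?:https?:\/\/)?([a-z0-9.-]+\.[a-z]{2,})(?:[\/?#:]|$)/i.exec(text.trim());
  if (m && target.host !== null && m[1].toLowerCase() !== target.host) {
    return {
      ok: false,
      host: target.host,
      reason: "display text names " + m[1].toLowerCase() + " but link goes to " + target.host,
    };
  }
  return target;
}

// Constructed sample of the notification links described in the article.
const samples = [
  { text: "Someone commented on your post", href: "https://www.facebook.com/notifications" },
  { text: "www.facebook.com/inbox", href: "http://fucabook.com/login.php" },
  { text: "View message", href: "http://203.0.113.5/index.php" },
  { text: "View message", href: "http://facebook.com.example.net/" },
];
for (const s of samples) {
  const r = checkAnchor(s.text, s.href);
  console.log((r.ok ? "OK   " : "WARN ") + s.href + (r.ok ? "" : " : " + r.reason));
}
```

Only the first sample passes; the other three are flagged as a display-text mismatch on a lookalike domain, a bare IP address, and a host that merely starts with facebook.com. The subdomain test is deliberately done on a label boundary: checking with `includes("facebook.com")` would have accepted the fourth sample.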

Credit: Rogue Facebook apps steal log-in data, send spam from CNET News
