Malware is Messing with Facebook Users

By  |  Friday, February 27, 2009 at 2:04 pm

A rogue application has struck Facebook for the second time within a week, reports Trend Micro’s Malware Blog. The malware uses social engineering to hoodwink Facebook users into installing it, and then proceeds to harvest their personal information. But don’t panic yet – it’s not that easy to do.

When a user installs the application, it propagates itself by spamming their friends profiles with fake but official sounding notices that they have violated the Facebook terms of service. In order to avoid “penalties,” the user is instructed to install the application. If the would-be victim falls for it, the cycle repeats.

Trend Micro has pointed out the obvious: Facebook should review its application hosting policy. The firm also recommended that users take responsibility for what they are installing, and to do some research beforehand.

One possible solution is a verification process for applications, but the problem would have to be more prevalent to justify its costs, said Caleb Sima, an HP executive that is the former co-founder and CTO of SPI Dynamics.

“Really, I don’t have much to say about this as I have been expecting it for a while. Its no different then email. I send you a link to a program you allow it to install it takes your contacts list and spams it out. There is nothing new here. Its just applied as a Facebook app or message.”

He also predicted that malware could start arising with any type of ‘app stores.’

The silver lining is that Faceobok applications are much harder to write and distribute than e-mails are, so it won’t be as big of a problem, Sima explained. Vigilance is the best course of action, he added. “Ultimately I don’t think there is much that Facebook can do about it besides act quickly to remove rogue apps when they are reported.”

 
2 Comments


Read more: , , ,

2 Comments For This Post

  1. Alan Says:

    FaceBook had best figure out a way to start vetting these apps or it runs the risk of losing users. This appears to be happening with more frequency as it gains users. It is no longer a start-up and it needs to reflect that in how it handles these issues.

  2. sweet-G Says:

    How can we fix it? It shows me playing a truth game that I have not been playing!! Also, my passwords are all screwed up!!!!

Comment on This Story