A rogue application has struck Facebook for the second time within a week, reports Trend Micro’s Malware Blog. The malware uses social engineering to hoodwink Facebook users into installing it, and then proceeds to harvest their personal information. But don’t panic yet – it’s not that easy to do.
When a user installs the application, it propagates itself by spamming their friends profiles with fake but official sounding notices that they have violated the Facebook terms of service. In order to avoid “penalties,” the user is instructed to install the application. If the would-be victim falls for it, the cycle repeats.
Trend Micro has pointed out the obvious: Facebook should review its application hosting policy. The firm also recommended that users take responsibility for what they are installing, and to do some research beforehand.
One possible solution is a verification process for applications, but the problem would have to be more prevalent to justify its costs, said Caleb Sima, an HP executive that is the former co-founder and CTO of SPI Dynamics.
“Really, I don’t have much to say about this as I have been expecting it for a while. Its no different then email. I send you a link to a program you allow it to install it takes your contacts list and spams it out. There is nothing new here. Its just applied as a Facebook app or message.”
He also predicted that malware could start arising with any type of ‘app stores.’
The silver lining is that Faceobok applications are much harder to write and distribute than e-mails are, so it won’t be as big of a problem, Sima explained. Vigilance is the best course of action, he added. “Ultimately I don’t think there is much that Facebook can do about it besides act quickly to remove rogue apps when they are reported.”