Thursday, February 26, 2009

New Facebook threat emerges


FACEBOOK diehards beware. A new threat has emerged in a form of a third-party application.
IT security and control firm Sophos has reminded users to exercise caution about which third-party applications they install on their profile.

The warning follows reports that a rogue application, called ‘Error Check System’ has bombarded some members of the social networking site with bogus notification messages saying that friends had experienced problems viewing their profiles. Since Facebook does not approve applications before they are made available on the site, users are often putting their trust in complete strangers when they choose to install the next application.

In this instance, there was nothing wrong with the recipient’s profiles and the warning messages were in fact a viral attempt by a third party to recruit more users, and - potentially - steal personal information for financial gain. "Facebook applications are very popular and once all your friends have downloaded the latest must-have, it’s very tempting to follow suit," said Graham Cluley, senior technology consultant at Sophos.

"But, installing all applications sent your way, could open up serious holes in your security and allow hackers to gain access to your profile and the information stored on it. Just like with other computing applications, it's essential to exercise caution when you're not sure of the origin - just because your friends have downloaded it, doesn't necessarily mean it’s safe."

Another IT security firm F-Secure, meanwhile, reported that the latest Facebook fake application is a particularly sophisticated form of social engineering.
This program doesn’t lure users into installing malware promising nude pics of Angelina Jolie or a Nigerian inheritance, this applications spreads to generate publicity for itself. Once the media report on the suspected Facebook threat, and tech-savvy readers google the name of the application to find out more about it, that’s where the actual threat surfaces: rogue anti-virus sites that appear among the search results.


The Facebook application didn't do very much other than spread itself… it did however create a newsworthy story. And now people will be searching for that story and will stumble upon fake anti-virus sites and inject themselves with malware. F-Secure said the "Error Check System" application does not do anything malicious but it does spread to the user's friends without any form of interaction or authorisation from you.

In other words, it spreads like a worm causing more Facebook users to install the application. However, if the user is curious (which in this case, highly likely would because Facebook users kept getting notifications that your friend has faced some errors when checking your profile) and punches in "Error Check System" in Google, the first result returned will prompt you to install a rogueware when clicked on.

Facebook users can recognise what they are seeing is a fake Facebook application because this application has very poor grammar, but then again applications available on Facebook are not verified by Facebook. You are using and installing them at your own risk.
F-Secure said at the moment, Facebook users should exercise extreme caution when installing these third-party applications. Always when in doubt, think twice and if it is too good to be true, it truly is.

For more info go to:

No comments: