
Two rogue applications are suspected to have hit
Facebook in the space of a week, possibly harvesting thousands of
personal details.
The applications do not appear to be destructive but the first
spread quickly and widely.
The latest application is said to be posting notifications on
users' profiles that say, "[Name on friend list] has just reported
you to Facebook for violating our terms of service - this is your
official warning. Click here to find out why you were
reported."
The link in the notification leads to an application named
"Facebook - closing down" which, once installed, will send the same
message to every one of the users' friends and, according to
security expert Rik Ferguson, "harvest personal information
along the way".
The first application hit users over the weekend, sending out
notifications to users that one of their friends had "faced some
errors" when checking their profile. Users were prompted to click a
link to view the error message.
Ferguson, a senior
security advisor at Trend Micro, said, "Exploiting users'
fears, uncertainties, doubts, and of course their trust in their
friends, ensured the fast spread of this application in the span of
time it was available on Facebook."
Facebook applications need to ask the users' permission before
they can access the personal information on their profile, but the
rogue application redesigned the permission-requesting page so
users did not know what they were clicking on.
The application then suggested that users check their friends'
profiles for errors, helping the application to spread.
Ferguson said, "Surely these two events in the space of a single
week mean that it is past time that Facebook review its application
hosting policy that appears to be letting rogue applications of
extremely dubious intent propagate so freely?"
A Facebook spokesperson said, "Facebook is committed to user
safety and security and, to that end, its Terms of Service for
developers explicitly state that applications should not use adware
and spyware. Users should employ the same precautions while
downloading software from Facebook applications that they use when
downloading software on their desktop".