Malicious Facebook Application for $25 in ten minutes

Carl Leonard, senior security researcher at Websense, demonstrated how easily hackers could create a malicious Facebook application using a $25 kit available on the underground market. He was speaking at a SpeakUp event in London that looked at securing the social web.

It is a good way to illustrate how low the barriers to entry have fallen. The kit comes complete with templates and all files, such as a privacy policy that grants unlimited rights to the publisher of the app, and scripts for publishing the application.

The kit also provides additional web pages within the application for bogus free iPad 2 offers, surveys and gift cards, which serve as tools to collect personal data such as email addresses. That data can be sold and converted into money on underground markets.

It is no wonder that in the past year Kaspersky Lab has seen 100,000 pieces of malware designed to work in the social media environment, when creating a legitimate-looking app is as easy as copying and pasting a few details into a template.

Join the conversation


Thanks so much for spreading the word about the proliferation of hacker programs. This is definitely something that everyone should be aware of and particularly those companies who have incorporated social media as part of their marketing strategy should pay close attention to these continued efforts to infiltrate corporate networks. Another reason why ensuring network layer Data Leakage Prevention (DLP) for corporations is fast becoming a necessity to prevent the outflow of user/corporate data. Our company, Wedge Networks, has focused on building such solutions for years and is leading efforts to prevent the good things from flowing out and bad things from flowing in.

Undeniably believe that which you stated. Your favorite justification seemed to be on the net the simplest thing to be aware of. I say to you, I definitely get annoyed while people consider worries that they just don't know about. You managed to hit the nail upon the top and also defined out the whole thing without having side-effects, people can take a signal. Will probably be back to get more. Thanks