Facebook hit by two rogue apps in a week

Two rogue applications are suspected to have hit Facebook in the space of a week, possibly harvesting thousands of personal details.

The applications do not appear to be destructive but the first spread quickly and widely.

The latest application is said to be posting notifications on users' profiles that say, "[Name on friend list] has just reported you to Facebook for violating our terms of service - this is your official warning. Click here to find out why you were reported."

The link in the notification leads to an application named "Facebook - closing down" which, once installed, will send the same message to every one of the user's friends and, according to security expert Rik Ferguson, "harvest personal information along the way".

The first application hit users over the weekend, sending out notifications to users that one of their friends had "faced some errors" when checking their profile. Users were prompted to click a link to view the error message.

Ferguson, a senior security advisor at Trend Micro, said, "Exploiting users' fears, uncertainties, doubts, and of course their trust in their friends, ensured the fast spread of this application in the span of time it was available on Facebook."

Facebook applications need to ask the users' permission before they can access the personal information on their profile, but the rogue application redesigned the permission-requesting page so users did not know what they were clicking on.

The application then suggested that users check their friends' profiles for errors, helping the application to spread.

Ferguson said, "Surely these two events in the space of a single week mean that it is past time that Facebook review its application hosting policy that appears to be letting rogue applications of extremely dubious intent propagate so freely?"

A Facebook spokesperson said, "Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware. Users should employ the same precautions while downloading software from Facebook applications that they use when downloading software on their desktop."
