MALICIOUS FACEBOOK APPLICATION – Take Notice
I just wanted to let everyone know that there is a nasty malicious Facebook Application going around out there. For the second time in less than a week, Facebook users have to deal with a widespread attack due to malicious third-party applications. The latest attack is sending out notifications that users are in violation of Facebook’s Terms of Service.
For the second time in less than a week, Facebook has been forced to squelch a rogue application targeting users of the site.In the most recent attack, users have been receiving notices stating they have been reported for violating Facebook’s terms of service by someone in their friends’ list. A link in the notification leads to an application called “”f a c e b o o k – - closing down!!!” being installed. 
According to TrendMicro Security Experts, the application, once installed begins to churn out spam messages out to the victim’s friends that are similar to this one: “[Friend's name] has just reported you to Facebook for violating our Terms of Service. – This is your official warning! – Click here to find out why you were reported! – Request Facebook look at what has happened and rule immediately.”
It appears that Facebook has since removed the application. However, the challenge of what to do about securing third party developed applications lingers. Roughly a week ago, users were hit by a similar application called “Error Check System,” which posted fake error notifications in a Facebook user’s profile in its attempt to spread.
While security experts offered no concrete numbers to indicate how many users had been affected by the attacks. “One of the problems is that Facebook allows anybody to write an application, and third-party applications are not vetted before they are made available to the public,” blogged Sophos Senior Technology Consultant Graham Cluley. “So, even as Facebook stamps out one malignant application, it can pop up in another place like a poisoned mushroom with a different name.”
Facebook has repeatedly said that the responsibility for securing third-party applications lies with the developers themselves. Third-party developers are the cornerstone of Facebook application growth and it would be nearly impossible for Facebook to review the code of every single application submitted.
So if you receive a notice like the one shown – PLEASE DO NOT INSTALL THE APPLICATION. We as a community can fight these spammers together!
Just a follow up on this article, It appears that the Koobface worm has managed to wiggle its way back into Facebook. This worm enters via a link that’s sent to users from “a friend”, leading to a video on a fake version of YouTube. According to Rik Ferguson of the Trend Micro blog, “On the face of it, it is a very familiar looking spoofed version of YouTube, complete with bogus comments from ‘viewers.’ Once the user clicks on the Install button, it redirects to a download site for the file setup.exe, which is the new Koobface variant detected as WORM_KOOBFACE.AZ.” However, not only Facebook has been effected but numerous other social wesbites such as: myspace.com, bebo.com, friendster.com, tagged.com and myyearbook.com
Leave a Reply