Facebook App Installs Spyware

John Musser
Jan. 07 2008, 02:32AM EST

Anyone who has installed the third-party Facebook application "Secret Crush" is at risk of installing spyware, according to this report from security firm Fortinet. Apparently the app entices users by saying "one of your friends may have a crush on you" and then, once installed, it attempts to download the infamous spyware Zango. The malicious widget authors are rewarded with as much as $1 USD or more for each successful installation, according to Zango's affiliate program rates (note that as of January 4 the widget changed its name from "Secret Crush" to "My Admirer", and as of today WebWare reports that Facebook has disabled the application completely).

[Image: Secret Crush application]

Fortinet reports that over 1 million Facebook users may have been infected, due to the aggressive way the application pushes each user to invite 5 or more friends. This is effectively the point where viral marketing meets virus software:

This practically makes the widget a Social Worm. Unlike many social worms, the "Secret Crush" propagation strategy does not rely on phishing or any sort of user-space customization feature abuse (see our primer on social worms). Rather, it relies on pure social engineering which is based on simple manipulation strategies such as "escalation of commitment". Since users have freely chosen to install the widget at the cost of disclosing their personal information, psychologically speaking it is difficult for them to stop the process at that point. Therefore, most of them will invite at least 5 friends to complete the process. Even after that step, no crush of any sort is revealed.
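The propagation strategy Fortinet describes (every installer is pushed to send a fixed number of invites, some fraction of invitees install, repeat) is a textbook branching process, and that is what makes the "1 million users" figure plausible. The following model is an added illustration, not code from the original post or from Fortinet; the install rate, population and seed counts in it are constructed assumptions, not measured figures. It shows why forcing 5 invites per install matters: the worm is self-sustaining only when the reproduction number R0 = invites × install rate exceeds 1, so a platform cap on forced invites, or anything that lowers the install rate (a warning interstitial, a review gate), can push R0 below 1 and make the widget die out instead of spreading.

```python
"""
Branching-process model of an invite-driven social worm.

Constructed example: the parameters used below (install rate, population,
seed installs) are assumptions for illustration, not figures reported by
Fortinet or Facebook.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class WormParams:
    invites_per_install: int  # k: invites each new installer is pushed to send
    install_rate: float       # p: fraction of invitees who install (assumed)
    population: int           # reachable users on the platform (assumed)


def reproduction_number(params: WormParams) -> float:
    """Expected new installs caused by one install while almost everyone is
    still uninfected: R0 = k * p. Spread is self-sustaining only if R0 > 1."""
    return params.invites_per_install * params.install_rate


def simulate(params: WormParams, seed_installs: int, generations: int) -> list[float]:
    """Expected installs per invitation 'generation'.

    Each generation's installers send k invites; a fraction p of invitees
    install, scaled by the share of the population still uninfected, so the
    curve saturates instead of growing past the user base.
    """
    infected = float(seed_installs)
    current = float(seed_installs)
    history = [current]
    for _ in range(generations):
        susceptible = params.population - infected
        invites = current * params.invites_per_install
        reached = invites * params.install_rate * susceptible / params.population
        new_installs = min(reached, susceptible)  # cannot infect more than remain
        history.append(new_installs)
        infected += new_installs
        current = new_installs
    return history


def total_installs(params: WormParams, seed_installs: int, generations: int) -> float:
    """Cumulative expected installs after the given number of generations."""
    return sum(simulate(params, seed_installs, generations))


def min_invites_for_spread(install_rate: float) -> int:
    """Smallest forced-invite count k for which R0 = k * p exceeds 1.

    A platform limit on forced invites below this value keeps R0 <= 1, so an
    outbreak with this install rate would shrink generation over generation.
    """
    if install_rate <= 0:
        raise ValueError("install_rate must be positive")
    k = 1
    while k * install_rate <= 1.0:
        k += 1
    return k


if __name__ == "__main__":
    # Two constructed scenarios: same forced-invite count, different install rates.
    for label, p in (("30% of invitees install", 0.3), ("10% of invitees install", 0.1)):
        params = WormParams(invites_per_install=5, install_rate=p, population=1_000_000)
        history = simulate(params, seed_installs=100, generations=8)
        print(f"{label}: R0={reproduction_number(params):.2f}, "
              f"installs per generation={[round(h) for h in history]}, "
              f"total={total_installs(params, 100, 8):,.0f}, "
              f"invites needed to spread={min_invites_for_spread(p)}")
```

The two scenarios differ only in the assumed install rate: at 30% the five forced invites give R0 = 1.5 and the install curve grows each generation until it saturates on the user base, while at 10% the same widget has R0 = 0.5 and each generation is smaller than the last. The defender's levers in the model are exactly the two factors of R0.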

[Image: Secret Crush alert]

This is not the first time that mashup and widget security have been the topic of discussion, as you can see in some of our earlier reports, including Mashups as Hacker's Dream and Banned Books and the Big Brother Mashup.

It's likely we'll see more and more variations of mashups and widgets being used for phishing, spyware and other scams this year. The allure of access to such large user bases, and the proliferation of open platforms, are going to give security experts a whole new speciality.

John Musser

Comments (17)

[...] Facebook App Installs Spyware "Anyone who has installed the third party Facebook application "Secret Crush" is at risk of installing spyware according to this report from security firm Fortinet." (tags: facebook applications spyware Security) [...]

[...] first story is about the application 'Secret Crush', which now turns out to be usable for spreading spyware pro.... According to ProgrammableWeb, the developers of the application get right around a dollar each time it [...]

[...] The recent news about Facebook Apps spreading the Secret Crush spyware. I feel Facebook is more like a marketing or spamming tool, because if you haven't turned off email notifications, your inbox keeps receiving notification emails about friends' activity updates, big or small. Especially as your circle of friends grows, with all those pointless games poking back and forth. [...]

DC

I don't use any 3rd party software from Facebook, but as soon as I log in my CPU usage goes through the roof & doing anything becomes difficult.