
Facebook disables rogue data-stealing, spamming apps

Elinor Mills CNET News | August 20, 2009 5:30 AM PDT

Summary

Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing login credentials and spamming victims' friends.
Update: Facebook on Thursday said it has disabled a group of rogue apps that were stealing Facebook user log-in credentials and spamming people.

"We have disabled all of the apps in question that violated Facebook Platform policies," a company representative said in an e-mail.

The apps were discovered earlier this week by Trend Micro researcher Rik Ferguson, who detailed the problems in a blog post.

Here's the original story:

Security firm Trend Micro warned on Wednesday that a handful of rogue Facebook apps are stealing login credentials and spamming victims' friends.

So far, six malicious applications have been identified: "Stream," "Posts," "Your Photos," "Birthday Invitations," "Inbox (1)," and "Inbox (2)," according to a blog post by Trend Micro researcher Rik Ferguson.

As of Wednesday afternoon, all of the apps were live except for "Stream", he said in an e-mail.

The activity started earlier in the week with a Facebook notification Ferguson says he got from an app called "sex sex sex and more sex!!!", which has more than 287,000 fans. The notification said that someone had commented on one of his posts. That app doesn't appear to be malicious and may have been compromised somehow to begin the distribution of the spam, he said.

That first notification included hyperlinks that led to a phishing site on the "fucabook.com" domain, allegedly registered to someone in Armenia, he said. Once Ferguson gave up his credentials (for a Facebook account he uses for research purposes), he was redirected to Facebook and to an application install screen for the app called "Posts".

He installed that app and immediately his friends were spammed with a bogus notification "Profile_name has sent you a message", with the hyperlink to the phishing site.

On Tuesday, the first couple of apps were sending notifications that hyperlinked to the fucabook phishing site, but by Wednesday the destination had changed to a bare IP address rather than a domain name, he said. A piece of JavaScript that loads Facebook then bounces the browser among the six rogue apps to get them widely installed, and the cycle continues, he said.

All the apps look and act exactly the same and include ads.

"I am keeping Facebook informed of these developments as they arise and they are working hard to rectify the situation," Ferguson wrote on his blog.

A Facebook spokeswoman said the company was looking into the matter and would provide more comment later.

Ferguson recommends that Internet users always check the URL displayed in the browser address bar before entering any sensitive information on a site and hover the mouse over a hyperlink to see the URL. Facebook users should also review their privacy settings regularly and delete any applications they no longer use, he said.
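Ferguson's advice above, checking where a link really points before entering credentials, as an added example that is not from the article or from Trend Micro: a small Python checker that flags the two patterns the story describes, lookalike domains such as fucabook.com and destinations that are a bare IP address. The trusted-domain list and the sample links are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Domains whose login pages are trusted (constructed list for this example;
# the real set depends on the site being protected).
TRUSTED_DOMAINS = ("facebook.com",)

def link_host(url: str) -> str:
    """Return the lower-cased host a link really points to.

    urlsplit() drops any user@ prefix, so http://www.facebook.com@fucabook.com/
    resolves to fucabook.com, not to the brand name shown before the @ sign.
    """
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def is_bare_ip(host: str) -> bool:
    """True when the link points at a raw IPv4/IPv6 address instead of a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify_link(url: str) -> str:
    """Classify a link as 'trusted', 'bare-ip', 'lookalike' or 'invalid'.

    A host is trusted only if it equals a trusted domain or is a subdomain of
    it; facebook.com.fucabook.com fails because the trusted name is a prefix,
    not the suffix.
    """
    host = link_host(url)
    if not host:
        return "invalid"
    if is_bare_ip(host):
        return "bare-ip"
    for domain in TRUSTED_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    return "lookalike"

if __name__ == "__main__":
    # Constructed sample links modelled on the patterns the article describes.
    for link in ("https://www.facebook.com/login.php", "http://fucabook.com/",
                 "http://www.facebook.com@fucabook.com/", "http://203.0.113.7/fb/"):
        print(link, "->", classify_link(link))
```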


This screenshot shows evidence of the phishing scam on Facebook.
Credit: Trend Micro

This article was originally posted on CNET News.

Talkback (16 comments)

  • Facebook apps
    I'm already deeply suspicious of facebook apps. Many of them seem to
    be little more than chain letters ("send this to all of your friends") and
    many of the "send a drink/snack/smile/ETC" seem to encourage
    content-free communication. Also, I'm bombarded by "send a drink,
    ETC" requests from friends who I know have something better to do. My
    suggestion - sign your messages with a catch-phrase and tell your
    friends to ignore anything that doesn't have the catch-phrase.
    a.barry@...
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    Everybody should deactivate their Facebook account (you can't actually delete it) until Facebook cleans up its act. My account was hacked and a scammer was sending my friends bogus messages indicating that I was stuck out of town and needed money to be wired. I immediately 'deactivated' my account and have advised all of my other contacts on Facebook to do the same.

    You really don't expect Harvard grads to have your best interests at heart - do you ?
    Steven J. Ackerman
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    We got attacked last week. A friend sent a link with the title "Cool". It dropped a trojan horse on all our facebook friends. I had to have my laptop reimaged. Major down time
    mgil@...
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    FB how can we steal from you & upset you, our speed is cr*p our apps are rogue why do we even carry on - because we can & the money is quick & easy
    ed3602us@...
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    its about time this FB showed its true colors....a trojan/virus breeder. Web based storage and site providers like FB need to clamp down on the security of the files being transmitted to storage and viewing. it is irresponsible on their part (since technically, they store it, they own it) for not scanning for such things. Allowing applications to freely roam about is a web based operation offense to shut them down and stop this rampant trojan/virus breeding location.
    dtroyerSMU
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    I think for the most part people shouldn't go to outside links from facebook unless you know what it is and if something says your facebook friend has sent, make sure they really sent it. It has happened to me a link that some has sent me supposedly from a facebook friend and then people spamming my walls and then you the user gets disabled by facebook, when facebook should be investigating when something like that to see if you are the victim of phishing and I agree that they need to crack down on this activity and also, be careful to not disable somebody, because they may be a victim and not make you look bad, because this has happened to you.
    bondservant4jesuschrist
    20th Aug 2009
  • It's easy...
    Either Facebook, or trusted people acting as a proxy, tests things & validates what's going on.

    For things which haven't been tested, they are labeled as such: use at your own risk.

    The number of "approved apps" will be very small, particularly at the beginning, but: would you feel better about using a small (but growing) number of apps vs. not knowing anything about all of the apps?
    Mihi Nomen Est
    20th Aug 2009
  • How is this any different....
    ... than installing "regular" (any) apps?

    Granted, the operating system you use will likely make a difference, but I don't understand how people automagically [sic] believe they are safe?

    (See another comment later about getting approval for Facebook apps)
    Mihi Nomen Est
    20th Aug 2009
  • uh-huh, except that...
    "..hover the mouse over a hyperlink to see the URL."

    doesn't work on facebook's links as everything is scripted into buttons created with flash, and the like and nothing is displayed when you do this. Also the link in the address bar doesn't always change when you click on things. In order to change this they'll need to strip the FB site down and get it back into basic HTML, and javascript... while i do realize its nice looking design is what seems to be giving it its popularity, but; it'll ALWAYS be a security hazard as it is.

    between that and it takes forever to load the facebook site. probably because they have the site's domain and server in two different places. ever notice that when you login and the status bar tells you connecting to ak.static.fbcdn.net, and b.static.ak.fbcdn.net waiting for reply instead of just facebook.com? Those are two reasons i rarely ever log into facebook. i've always been a bit suspicious of that, since the place the data comes from doesn't match the domain in the address bar.
    sir_cheats_alot@...
    20th Aug 2009
  • All these social networking sites will fade away eventually....
    I'm glad I'm not on facebook....not that I would be dumb enough to fall for the fake apps in the first place...but it's sad that more security precautions are not in place from the beginning.

    But that's all you hear about nowadays....the raging popularity of MySpace got all the media attention, then it became a haven for predators and viruses, spam, etc....now the same thing with facebook, and Twitter has recently come under fire for the same garbage..

    Good riddance I say to all these kind of sites, I don't use them, and even the people I know that do use them will complain about all the stupid spam they get from Mafia Wars, LOL!

    If I need or want to let people know what's happening in my life I will give them a call....no need to let the whole internet know everything.
    drdoug99@...
    20th Aug 2009
  • Why...
    ...do you comment on internet articles then?
    fog_za
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    Social networking sites will continue to grow and evolve. Security concerns will be eventually addressed but security threats will always be there and users have to be careful and prudent in using social networking sites and other sites on the internet. The role of Internet is there to stay and in growing economies service delivery will not be possible without using such efficient & effective means.
    maspinam
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    I myself try to be fairly careful with sites like Facebook. I in fact do not like visiting the facebook home page unless I manually type in HTTPS://www.facebook.com myself and I then verify the certificate details before entering my password information into the web page.

    For that matter, it would make me feel much better if ZDNet had encrypted or https: log in pages for their accounts. I would never have created my Face Book account if they did not have a secure way of logging in, as there is too much personal information that Face Book requests in a registration process. Although it is not widely known that it exists, one can use the https: protocol to access the facebook log in page.
    Computer_User_1024
    20th Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    Facebook is (was) in litigation in Canada over cancelled accounts & undeleted personal data. $$$ speak louder than words...

    IMHO, it's up to facebook to assure the security of these apps and to ME not to use every app that my "fb friends" send me

    cheers

    paul_saute
    psauve
    21st Aug 2009
  • RE: Rogue Facebook apps steal log-in data, send spam
    Maybe if people got a life, they wouldn't have to go through this shi*
    guiri
    21st Aug 2009
