Malicious Facebook app infects 5 million in 48 hours

The post from Timothy Wong, one of ITBusiness.ca’s Facebook friends, sounded apologetic: Is it just me or is there another Facebook app spambot? Looks like it started sometime today. It appears to be gone for now. It would tag people in photos and add an external link. Is it a security issue or just another annoyance?

It turns out Wong was right: over the last few days, people on Facebook have been receiving spam messages purporting to come from their Facebook friends. Unfortunately, according to Claudiu Popa, principal of Toronto-based security firm Informatica Inc., the spam has not disappeared, and it is a real security threat, not a mere annoyance, for Facebook users.

James Reid, head of the threat team at Webroot Software Inc., a Bloomfield, Colo.-based developer of security software, also reported that the malicious app managed to infect no less than 5 million Facebook users in the 48 hours after it was discovered late last week. He said it is possible another four to eight million users could be infected by now.

“Popularity is what’s fueling the infection,” Popa said.

The security specialist explained that over the last few months there has been an increase in incidents of cyber criminals taking advantage of Facebook’s application platform and users’ tendency to share with friends whatever file, link, or image they receive.

People, he said, are tricked into clicking on the app, which leads the user to sites that harvest digital profiles and personal information.

“The perpetrators know that there’s hardly any filter on Facebook to prevent uploading malicious apps and links. They also know that if one person receives a link, he or she is more than likely to send it to other friends,” said Popa.

Reid of Webroot said this latest threat comes on the heels of last month’s Facebook clickjacking incidents and a series of scams that tricked people into going to fake sites seeking donations for victims of the earthquake and tsunami disaster in Japan.

How rogue Facebook app works

Reid said victims of the current Facebook spam app typically receive a message that purports to come from a Facebook friend of theirs. Reid said the spammers would likely have gotten hold of the friend’s contact or friends list through a previous phishing attack.

“The message seems innocuous at first – a Facebook friend asks ‘was this an image burn of you?’” said Reid. A photo burn is a term typically used for digital photo manipulations where two or more images are fused or incorporated into a single image.

The message comes with a photo of a dog with human eyes and a shortened URL link. “When the intended victim clicks on the link, they are brought to a site which asks them permission to access their profile information. Once the user does so, they are hooked,” said Reid.

The bait images and phrases change, he said, but essentially the scam takes users to a site that harvests personal digital information. The profile information also gives the cyber criminals access to the victim’s contact list providing them with more potential victims.

“The questions are crafted in such a way that the victim feels compelled to provide permission to access his or her profile information.” In other instances some sites would suddenly warn that your machine is infected and that you need to provide access permission for an antivirus program to do its work, said Reid.
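The lure Reid describes has two recognisable ingredients: a shortened link that hides its real destination, and a bait phrase that invites a click. The following is an added example, not code from the article or from Webroot or Informatica, showing how a defender might score posts for exactly that combination. The sample posts, the shortener list and the bait phrases are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample feed of (sender, message text). Not real Facebook data.
SAMPLE_POSTS = [
    ("alice", "was this an image burn of you? http://bit.ly/xyz123"),
    ("bob", "Lunch at noon tomorrow? Full notes at https://example.com/notes"),
    ("carol", "lol is this you?? http://tinyurl.com/abc987"),
    ("dave", "New photos from the trip: https://example.org/album"),
]

# Public URL shorteners: a link through one of these hides its final destination.
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "goo.gl", "t.co", "ow.ly"}

# Bait wording modelled on the lure quoted in the article (assumed list).
BAIT_PATTERNS = [r"image burn", r"photo burn", r"is this you", r"of you\b"]

URL_RE = re.compile(r"https?://\S+")


def extract_urls(text):
    """Return every http(s) URL found in the message text."""
    return URL_RE.findall(text)


def is_shortener(url):
    """True when the URL's host is a known public shortener."""
    host = (urlparse(url).hostname or "").lower()
    return host in SHORTENER_DOMAINS


def score_post(text):
    """Score one post: one point per suspicious ingredient, with reasons."""
    reasons = []
    if any(is_shortener(u) for u in extract_urls(text)):
        reasons.append("shortened-url")
    if any(re.search(p, text, re.IGNORECASE) for p in BAIT_PATTERNS):
        reasons.append("bait-phrase")
    return len(reasons), reasons


def flag_posts(posts, threshold=2):
    """Return (sender, text, reasons) for posts at or above the threshold."""
    flagged = []
    for sender, text in posts:
        score, reasons = score_post(text)
        if score >= threshold:
            flagged.append((sender, text, reasons))
    return flagged


if __name__ == "__main__":
    for sender, text, reasons in flag_posts(SAMPLE_POSTS):
        print(f"{sender}: {reasons} -> {text}")
```

A post that scores on both ingredients is worth verifying with the friend out of band, as Reid advises later in the article, before following the link; the heuristic is a prompt to check, not proof that a message is malicious.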

How you can protect yourself

Popa of Informatica said there are several ways Facebook users can protect themselves.

The first and most obvious strategy, he said, is to avoid clicking on messages that you are suspicious of.

Then, Popa said, Facebook users can change their Facebook settings to prevent applications from automatically being activated. This may cut down on the site’s “fun factor,” but at least you’ll be safer, said Popa: “You won’t be able to play any of those games like Mafia Wars or Farmville or answer any surveys, but you’ll be safer and your productivity will get a boost.”

Here’s how you do it:

  • Click on the Account button on the upper right hand corner of the screen
  • Go to Privacy Settings and then scroll down to Apps and Web site
  • At Apps and Web site, click on “Turn off all platform apps”

This will mean you will be using Facebook only for reading and posting updates. You can still view, post and share images, video, music and status updates but most other apps will not work.

To make sure your Facebook account is not open and being used on another machine, do this:

  • From the Account button, go down to Account Settings
  • Go to Account Security
  • From Account Security, set up secure browsing and login alerts

This will basically limit your Facebook browsing to only secure sites and will send you an email alert if your Facebook account is open and being used on another machine.

Reid of Webroot also said Facebook users can rely on security software. Webroot, for instance, offers the company’s Internet Security Essential package, which combines anti-virus and anti-spyware functionalities. Webroot also has a BrightCloud product which, when loaded onto a machine, monitors online traffic and blocks malicious or potentially dangerous online traffic based on algorithmic behaviour.

Reid also suggested contacting your friends if you receive any unexpected or suspicious posts that are attributed to them. “If you’re at the point where you’re wondering if the message came from your friend, the best way to find out is to call or email them to verify.”
