I am not a big Facebook fan myself even though I have a profile myself and use it from time to time. But I do not follow it on a regular basis and do not use all the fancy applications that you can install and have so much fun with. However, I know many people who spend on FB lots of time and install pretty much anything that others recommend and this story is especially for them. Before I start, let me say a big thank you to my colleague Nick Fitzgerald, who collected all the information and is actually the real author of this post ;)

Bill Brenner, editor of CSO magazine, advised that someone was using his name to lure Facebook users to “infect” (his word) their machines with something that would then send notifications to others of new wall posts. This was reputedly all with the aim of getting many Facebookers to accept an app and add it to their profile. Here’s a screenshot of Bill’s message:

 Bill_Brenner_wall_post

Investigating this our analysts did not find any strong evidence of worm-like or viral functionality, but the number of people installing – sorry, “accepting” – the app at the heart of this was increasing rapidly until Facebook security disabled or blocked access to it.

Fortunately, Facebook has disabled the app – if you try to visit a link
to it now, instead of the “accept” page you will see:

Allow_Application_Access_once_blocked

However, visiting a link from a notification of the kind Bill mentioned or spread through some other means (we reiterate, we saw no evidence that the actual Facebook app at the heart of this was directly involved in generating such messages) would result in Facebook asking you to confirm your acceptance of the app, similar to this:

Allow_Facebook_Application_Access
 
Note that this app was called “News Feed”. If you accepted this News Feed app, you were directed to a page with a weird animated GIF that looked (frozen at one frame of the GIF) something like this:

Annoyance_Page

Then, if you checked your Facebook application settings you would see something like:

Infested_apps_list

If you clicked the “Edit Settings” link in the above screenshot, you’d have seen that News Feed was specifically asking for permission to post
to your wall. Perhaps the authors of this app expected people to shrug
off the ugly, annoying web page it redirected to and hoped that they would forget that they had accepted the app and given it wall-posting rights. This could make a handy “spam tool” for the app’s author’s in future.

Many people actually don’t realize that a Facebook application can be malicious, too. Note one of the responses to the original Bill’s post – Ann thinks that she is safe because she has a Mac. Unfortunately for Ann and many others with Mac or Linux (or other systems), this is not necessarily true. Facebook applications are portable, they support all the different systems, including Mac, and once installed, they can obtain access to your profile data. Fortunately, Facebook takes security very seriously and the user has control over what data can an application access. However, social engineering is a powerful weapon and many people fall into traps like the one above. So next time you install a new Facebook application, be careful about where it comes from and what permissions do you grant to it.