informa
Commentary

Alert: Disposable Facebook Apps Installing Adware

Just like throwaway domains on the wider Internet, it seems like criminals now use throwaway applications on Facebook. They bring one app online to lure users and potentially infect them, and by the time one is taken down by Facebook, they create yet another.
Just like throwaway domains on the wider Internet, it seems like criminals now use throwaway applications on Facebook. They bring one app online to lure users and potentially infect them, and by the time one is taken down by Facebook, they create yet another.My colleague Roger Thompson wrote a technical blog detailing this new attack. (Disclaimer: Yes, I work with him, and I linked to him).

This is yet another advance by criminals to keep up with efforts to stop them. Isn't this one a fun twist, though?

Here are a couple of URLs for the most recent attack (both now removed by Facebook security, so they are safe): >> http://apps.facebook.com/hghh_rtrt/ >> http://apps.facebook.com/llkujyh_yjgyh/

Facebook catches onto them quickly (way to go, guys!), but this is certainly interesting and calls attention once again to the security of Facebook applications.

Certainly, up until now, while there have been security risks to applications and indeed malicious applications (none of which compromised the system itself), developers have had the ability to openly and easily create a new application.

This openness has been an asset to the entire community, but, unfortunately, when a society grows and criminal elements present themselves, systems sometimes can't scale. Some freedoms have to go if the system itself is to survive. Don't jump at my throat yet; I am not against First Amendment rights -- quite the contrary. However, I am FOR maintaining the infrastructure, which First Amendment rights activists use to argue if I do the right thing defending them.

Stricter control over application approval is called for, and I feel assured Facebook is up to the task. Unlike with its privacy policy (which I am worried about), the company hasn't failed us with its security efforts. It is, in fact, doing a great job -- especially considering what it is facing in securing one of the biggest hornet's nests of security threats on the Internet. I have full confidence in its security team, and especially with those who work with the community on a daily basis: Ryan McGeehan, Alex Rice, and the most recent addition, Nick Bilogorskiy.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron.

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.

Recommended Reading: