This is yet another advance by criminals to keep up with efforts to stop them. Isn't this one a fun twist, though?
Here are a couple of URLs for the most recent attack (both now removed by Facebook security, so they are safe): >> http://apps.facebook.com/hghh_rtrt/ >> http://apps.facebook.com/llkujyh_yjgyh/
Facebook catches onto them quickly (way to go, guys!), but this is certainly interesting and calls attention once again to the security of Facebook applications.
Certainly, up until now, while there have been security risks to applications and indeed malicious applications (none of which compromised the system itself), developers have had the ability to openly and easily create a new application.
This openness has been an asset to the entire community, but, unfortunately, when a society grows and criminal elements present themselves, systems sometimes can't scale. Some freedoms have to go if the system itself is to survive. Don't jump at my throat yet; I am not against First Amendment rights -- quite the contrary. However, I am FOR maintaining the infrastructure, which First Amendment rights activists use to argue if I do the right thing defending them.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron.
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.