Sophos Cloud Optix
It’s less than a week since a rogue third-party application called “Error Check System” blitzed Facebook users claiming that there was a problem with their profiles, sending concerned users to malicious websites as they searched for information.
Now, another Facebook application is using underhand methods to collect the details of users, by sending them bogus notification messages that a friend has reported them for violating Facebook’s terms of service.
A typical message sent by the “F a c e b o o k — closing down!!!” application reads as follows:
"[Friend's name] has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - Click here to find out why you were reported! - Request Facebook look at what has happened and rule immediatley."
Hopefully the sloppy spelling prevented some people from clicking on the link and adding the application, but if you didn’t spot that schoolboy error then you might have given some ne’er-do-wells permission to access your profile and personal information, and also unwittingly forwarded the bogus message to all of your Facebook friends.
Yes, this application rifles through your contacts list sending itself to your Facebook friends, thus worming its way around the social network in a “viral” way.
Facebook appears to have now removed the application, although there are reports that similar rogue applications with names such as “My account” and “Reported For Rule Breaking” have also been seen.
One of the problems is that Facebook allows anybody to write an application, and third-party applications are not vetted before they are made available to the public. So, even as Facebook stamps out one malignant application, it can pop up in another place like a poisoned mushroom with a different name.
It sounds like this could be a new favoured trick being used by spammers and identity thieves to build up their databases of intended targets. My advice to Facebook users is to think very carefully before adding any new applications.