Thanks to Clu-blog reader Jamie for contacting me regarding a scare that is currently spreading between Facebook users.
Users of the social-networking site are warning each other of what is rumoured to be a rogue application, spying on their activities on Facebook. Users are told in the warning that they can find the “Unnamed app” by going to “Settings”/“Application Settings” and then choosing “Add to Profile” from the drop-down box.
Here’s a typical example of the message that is being passed around:
ALERT >>>>> Has your facebook been running slow lately? Go to "Settings" and select "application settings", change the dropdown box to "added to profile". If you see one in there called "un named app" delete it... Its an internal spybot. Pass it on. about a minute ago...i checked and it was on mine.
Sure enough, when I went to look on a Facebook account I found an “Unnamed app”.
However, I’m not seeing any evidence that the application is malicious. Indeed, it seems to me that the only sin it may have committed might be to have been given a daft, unhelpful name. According to Facebook itself, it appears to be a buggy presentation of the boxes tab that appears on users’ Facebook profiles.
Of course, news of the “dangerous” app is spreading more quickly than the sensible advice for everyone to calm down and have a nice cup of tea. And, as a result, many people are searching the internet trying to find clues about the Facebook application.
It is at this point that the malicious hackers enter the story.
Just as they have done with other Facebook scares (like the Facebook Fan Check Virus scare and the Error Check System application), hackers have created webpages stuffed with keywords related to the “Unnamed” (sometimes “Un named”) app.
This and other search engine optimisation (SEO) techniques have helped hackers push their webpages high into the upper reaches of search results.
And if you happen to stumble across one of these malicious sites after searching for information about the “Facebook Unnamed app” you might find yourself infected by fake anti-virus software, designed to trick you out of your hard-earned cash.
Sophos detects the malware seen on these infected webpages as Mal/FakeVirPk-A.
If you’re a regular user of Facebook, be sure to join the Sophos page on Facebook to be kept informed of the latest security threats.