Spyware has landed on Facebook.
According to researchers at Fortinet, a malicious Facebook widget actively spreading on the popular social networking site is serving as a lure to trick users into installing the notorious Zango adware/spyware program.
According to a detailed advisory from Fortinet (complete with screenshots), the so-called "Secret Crush" widget powers a software installation that traces back to Zango.
"Needless to say that clicking on 'Download Now' leads to a copy of the infamous Zango adware/spyware. This was formerly known as BetterInternet, and is currently caught by Fortinet as Adware/Zango as can be seen in Figure 6. By downloading, the malicious widget authors get rewarded with a fistful of pennies upon each download (which, after a few million clicks, probably sums up to an impressive total)."
Fortinet said the widget is already being used by 3 percent of the Facebook community, which amounts to more than one million users.