Unnamed App Stalks Facebook Users

By Matthew Hines  |  Posted 2010-01-28 Print this article Print

Users of social networking sites such as Facebook have been sitting directly in attackers' crosshairs for several years now, and the threats and social engineering schemes used to victimize such individuals continue to mature.

In a new twist, as Facebook and other sites attempt to be more responsive in hunting down and eradicating attacks flowing over their networks, scammers are trying to trick people by fooling them into thinking they might have become infected with malware to drive them to their own, poisoned sites.

In a recent blog post issued by PandaLabs, researchers highlight a threat dubbed "unNamed App" which presents Facebook users with a phony alert informing them that they may have become infected by the program with hopes that they will search for information about it online and find their way to infected URLs.

The user first receives the alert over Facebook instructing them to look in their account setting to ensure that they have not become infected by the "un named app" which is positioned as an "internal spybot." However, since the threat is not actually being distributed over the site, the attackers hope that people will be curious for more information and go searching for it outside of Facebook only to end up getting infected in doing so.

"A normal user will go to a search engine to find out what this is about... and then he will find that there is a nice BlackHat SEO attack that makes the 1st and 2nd results to lead to a malicious website that forces you to install a rogueware application," reports PandaLabs research lead Luis Corrons.

Facebook has been informed of the campaign and is actively warning its users of it and to "Be wary of any sites that claim to be able to fix this, as they might contain malicious software."

Clearly social networking threats have evolved when attackers have to resort to luring people off the sites to hit them with attacks. However, there's no telling how successful those efforts may prove in finding vulnerable targets.

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

del.icio.us | digg.com

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel