The prospect of rogue third-party applications on social networking sites has caused a stir in the past, and has recently been illustrated yet again.
This case comes courtesy of malicious links on Facebook advertising “Distracting Beach Babes” and the “sexiest video ever.” Those who click on the links are directed to a malicious application looking to install adware. Taking a look at the application, Websense unpacked exactly how the app works and is infecting users.
According to Websense, “The first part of the application’s code contains Facebook-specific information such as API key, secret key, etc.” If the app doesn’t have permission to post on the user’s wall, “it will prompt the user to grant it permissions using Facebook APIs.” Then, it “enumerates the list of friends, picks a random number … and posts a message to the walls of the 10 randomly selected friends.
“A message is then displayed asking the user to click ‘Continue’ to watch the video,” Websense explained. “Yet another page is displayed that loads a thumbnail of a video and overlays the image with a prompt saying that the ‘FLV Player’ needs updating. … When the user clicks on ‘Continue,’ it loads the file videoplayer.php, which does a simple redirect to http://www.flvpro.com/downloadfile.php?aff=3447_movies, where 3447_movies is the affiliate ID of the group/person behind the malicious app.”
Websense continued, “So far we have identified over 100 apps on Facebook that are all working the same way; the only difference is the API and secret keys that are used … they also use the same Google Analytics UA ID to track visitor statistics.”
Read about other examples of third-party apps gone wild here.