Rogue Facebook Application Uses Fake Terms of Service Alert to Target Users

For the second time in less than a week, Facebook users have fallen victim to a widespread attack due to malicious third-party applications. The latest attack is sending out notifications that users are in violation of Facebook's Terms of Service.

For the second time in less than a week, Facebook has been forced to squelch a rogue application targeting users of the site.

In the most recent attack, Facebook users receive notices stating that someone on their friends list has reported them for violating Facebook's terms of service. The link in the notification leads the user to install an application named "f a c e b o o k - - closing down!!!".

Once installed, the application spams the victim's friends with messages similar to this one: "[Friend's name] has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - Click here to find out why you were reported! - Request Facebook look at what has happened and rule immediatley [sic]."

According to Sophos, Facebook appears to have removed the application. However, the challenge of securing third-party applications remains. Roughly a week ago, users were hit by a similar application called "Error Check System," which spread by posting fake error notifications to users' profiles.

Whoever was behind that initial scheme did not stop there. Victims who searched Google for the phrase "Error Check System" found that one of the top results led to a site that attempted to trick visitors into downloading rogue anti-virus software, a search-engine poisoning follow-on to the original lure.

While security vendors offered no numbers to indicate how many users had been affected by the attacks, researchers at Trend Micro noted this second attack caused enough of a stir for Facebook users to create a "Facebook Group" for those hit by the malware.

"One of the problems is that Facebook allows anybody to write an application, and third-party applications are not vetted before they are made available to the public," blogged Sophos Senior Technology Consultant Graham Cluley. "So, even as Facebook stamps out one malignant application, it can pop up in another place like a poisoned mushroom with a different name."

Facebook has repeatedly said that the responsibility for securing third-party applications lies with the developers themselves. However, some security pros fear that rogue applications will be an ongoing challenge for social networks.

"Surely these two events in just a single week mean that it's about time that Facebook reviews its application hosting policy," blogged Trend Micro researcher Rik Ferguson. "Prevention of rogue applications with extremely dubious intent to propagate freely within the site is needed. Users are advised to exercise extreme caution when surfing."