Beware Attack by Rogue Facebook Apps

Another attack using rogue Facebook applications hit users' PCs Saturday in a virtual repeat of last weekend's massive assault, security researchers said.

Like the earlier attack, Saturday's scam uses a sex-oriented video as bait, said Patrik Runald, a Australian researcher who works for Websense Security.

The scam is spread through Facebook messages touting "Distracting Beach Babes" videos that include a link to the malicious applications, Runald wrote on his company's blog early Saturday. Users who click on the link are asked to allow the application to access their profiles, and let it send messages to friends and post it on their walls. Once approved, the application instructs users to download an updated version of FLV Player, a popular free Windows media player, to view the video.

This new attack is almost identical to the one that generated several hundred thousand malicious software reports to antivirus vendor AVG Technologies a week ago.

On Saturday, Graham Cluley, a senior technology consultant at U.K.-based security firm Sophos, put the number of attacked Facebook users in "the thousands."

Neither Runald or Cluley could confirm the nature of the malware that masquerades as FLV Player, but both suspected that because of the similarity to last week's attack, it was most likely the result of the notorious Hotbar adware , a toolbar that inserts itself into Internet Explorer and displays pop-up ads and links.

"I'm beginning to wonder if the cybercriminals deliberately launch these campaigns on the weekends, imagining that anti-virus researchers and Facebook's own security team might be snoozing," said Cluley on the Sophos blog Saturday .

Facebook did not reply to a request for comment Saturday, and its security page had no mention of the latest attacks.

According to Runald, Websense has identified at least 100 different malicious applications used in the two weekend attacks.

Facebook users have used the service to warn others of the ongoing attacks. "Hey guys whatever you do DO NOT click on the post that appears on your wall -- doing so will result in all of your Facebook friends being sent the virus," one such message said.

Runald and Cluley spelled out in their blog posts how users who installed the rogue Facebook software, but who did not take the final step and fall for the fake FLV Player download, can remove the bogus program from their application settings page.

Searches conducted on Facebook at 4:30 p.m. ET for the malicious application that Ronald identified came up empty, implying that Facebook had removed it from the site.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is gkeizer@ix.netcom.com .

Read more about security in Computerworld's Security Knowledge Center.

Subscribe to the Security Watch Newsletter

Comments