A suspicious application circulating on Facebook has attracted nearly 300,000 fans whose profiles could be used as launching pads for spam, according to a security analyst.
The application, called “I will NEVER text again,” lures Facebook users by offering a video, said Graham Cluley, senior technology consultant for security vendor Sophos. When someone clicks on a link advertising the application, the application asks for permission to access their basic information and post to their Wall.
If a user grants permission, the link is then posted to the user’s Wall and goes out in the person’s news feed, which then gets read by other friends and potentially added to their profiles, Cluley said.
So far the application hasn’t done anything malicious, and many Facebook applications ask for the same access to a person’s information and Wall. But it has some suspicious characteristics. Although it promises a video, the video does not work, Cluley said.
The application’s publisher is listed as “Anne Klein,” who has a Facebook profile with no photograph. “It looks like a bogus page,” Cluley said.
Cluley said Facebook doesn’t review applications as rigorously as, for example, Apple does for its iTunes application marketplace.
Since “I will NEVER text again” has permission to post on a person’s Wall, the application could be used to spam links to dodgy Web sites.
“It could be used for advertising, for spam or could be used to spread malware as well,” Cluley said. “At the moment they are trying to recruit users into the network.”
Cluley said he reported the application as suspicious around 6 p.m. U.K. time on Monday. As of Tuesday morning, the application was still active. In the past, Facebook has deleted applications similar to “I will NEVER text again,” and it may only be a matter of time before this one is nixed, he said.
Facebook representatives in the U.K. were not immediately able to comment on the application.
Send news tips and comments to jeremy_kirk@idg.com