Facebook targeted by social worm
Illicit widget tempts Facebook users to instal spyware with promise of secret admirer
Social networking site Facebook has blocked a malicious application that attempted to get users to install spyware on their PC. The ‘Secret Crush' widget tempted users with a supposed ‘secret admirer', although installing the application actually activated spyware from Zango, which monitors browsing and triggers unwanted pop-ups.
The widget was believed to have been installed by around 4% of Facebook's user base of 59 million, before it was disabled. As part of the installation process, the application also required users to send the widget to five other Facebook users.
Guillaume Lovet, EMEA threat response team manager at Fortinet commented: "What is happening here is actually simple - social networking sites are becoming what the Internet already is in general: a dangerous place. People who are unaware, naive, and/or run unpatched browsers are increasingly at risk."
Fortinet classified the widget as a ‘social worm' that uses pure social engineering rather than abuse of any features of Facebook, to spread itself.