Slashdot Mirror

← Back to Stories (view on slashdot.org)

Facebook Widget Installs Zango Spyware

Posted by CmdrTaco on from the hate-when-that-happens dept.

BaCa writes "A malicious Facebook Widget actively spreading on the social networking site ultimately prompts users to install the infamous "Zango" adware/spyware. The tremendous success and lightning fast expansion of Facebook empowered the social networking giant with an impressive user base. Needless to say, in a digital world where web traffic equals money, such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies."

2 of 137 comments (clear)

  1. Re:Too late by kebes · · Score: 4, Interesting

    It's good the Facebook is blocking that app, but this points to a deeper problem with Facebook's implementation of third-party applications. This is just the beginning of Facebook being exploited by scammers.

    Whoever injected that spyware application will no doubt create a new developer account, and upload some variant of "Secret Crush". Blocking a particular application or a particular developer account is a short-term solution. I can only guess that more and more people are going to exploit Facebook apps for adware, spyware, phishing, identity theft, etc. Facebook will then be playing yet another game of "Internet whack-a-mole" where they try to block applications based on signatures, block developers based on IP address, and so on (with usual countermeasures of automated code variation, proxies, etc.). As we've seen from spam, viruses, spyware, and phishing, such games reach a stalemate where a certain fraction of users are becoming victims at any given time (typically the less savvy users, I suppose).

    Personally I think Facebook should do a better job making the risks of third-party applications clear. The little "confirm that you want this application" question has already become so routine for most users that it means nothing to them. Moreover, the tight integration of third-party apps into the Facebook environment, though visually pleasing, leads most users to believe that the applications are written by and endorsed by Facebook. In fact, the code runs on third-party servers and those third-parties have access to profile data once you accept the app. Most Facebook users are surprised when you tell them this. And it's not always easy to tell who actually wrote a given application.

    I think we all saw this coming, and I'm surprised Facebook didn't put in more safeguards to curtail the use of the app framework for spamming, phishing, and social engineering.

  2. not social by Anonymous Coward · · Score: 0, Interesting

    im going to be brutally honest. if you don't enjoy facebook, it's because you don't have an active social life. this is true between 20-25 year olds. outside that range, facebook isn't as stapled to social lives.

    im pretty active with my social life, and im constantly on facebook to see pics of parties or outings im tagged in, as well as pics from what my friends were up to while i wasn't around (or not invited to! ha)