Slashdot Mirror


Facebook Widget Installs Zango Spyware

BaCa writes "A malicious Facebook Widget actively spreading on the social networking site ultimately prompts users to install the infamous "Zango" adware/spyware. The tremendous success and lightning fast expansion of Facebook empowered the social networking giant with an impressive user base. Needless to say, in a digital world where web traffic equals money, such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies."

10 of 137 comments

  1. "like honey would attract flies" by John+Hasler · · Score: 5, Funny

    There is something else that attracts flies which it more closely resembles...

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  2. Without exception... by Anonymous Coward · · Score: 5, Insightful

    All the apps are terrible. Aside from their 'myspacesqueness', they also release your entire profile & friends to an unknown entity. Facebook's TOS is bad enough, but at least you have a sense of who you're dropping all thoughts of ownership or privacy to.

    'caring' - imageogram

  3. Obligatory by Weaselmancer · · Score: 4, Funny

    ...such a user base attracts spammers, virus/spyware seeders, and other ethic-less online marketers like honey would attract flies.

    http://xkcd.com/357/

    --
    Weaselmancer
    rediculous.
  4. Re:Ethic-less? by vaz01 · · Score: 5, Funny

    You must use facebook a lot.

  5. Too late by doofusclam · · Score: 4, Informative

    Facebook have already blocked it, days ago...

    1. Re:Too late by kebes · · Score: 4, Interesting

      It's good that Facebook is blocking that app, but this points to a deeper problem with Facebook's implementation of third-party applications. This is just the beginning of Facebook being exploited by scammers.

      Whoever injected that spyware application will no doubt create a new developer account, and upload some variant of "Secret Crush". Blocking a particular application or a particular developer account is a short-term solution. I can only guess that more and more people are going to exploit Facebook apps for adware, spyware, phishing, identity theft, etc. Facebook will then be playing yet another game of "Internet whack-a-mole" where they try to block applications based on signatures, block developers based on IP address, and so on (with usual countermeasures of automated code variation, proxies, etc.). As we've seen from spam, viruses, spyware, and phishing, such games reach a stalemate where a certain fraction of users are becoming victims at any given time (typically the less savvy users, I suppose).

      Personally I think Facebook should do a better job making the risks of third-party applications clear. The little "confirm that you want this application" question has already become so routine for most users that it means nothing to them. Moreover, the tight integration of third-party apps into the Facebook environment, though visually pleasing, leads most users to believe that the applications are written by and endorsed by Facebook. In fact, the code runs on third-party servers and those third parties have access to profile data once you accept the app. Most Facebook users are surprised when you tell them this. And it's not always easy to tell who actually wrote a given application.

      I think we all saw this coming, and I'm surprised Facebook didn't put in more safeguards to curtail the use of the app framework for spamming, phishing, and social engineering.

  6. The widget is "Secret Crush" (saving you a click) by stickyc · · Score: 4, Informative

    Quick summary:

    The widget in question (according to TFA) is "Secret Crush". The app asks you to complete several steps, including signing up 5 of your friends and installing a tray applet (containing the "infamous "Zango" adware/spyware") from Zango's site.

  7. Re:What is "Facebook"? by STrinity · · Score: 4, Insightful

    Think MySpace only it looks like a corporate website c.1999 instead of a Geocities page c.1996. Oh, and with pointless activities.

    --
    Les Miserables Volume 1 now up with my reading of
  8. Am I the only person left? by Joce640k · · Score: 4, Funny

    Am I the only person left who doesn't know what facebook is?

    From reading the press it seems to be some sort of web site where you upload all your private stuff for other people to see. I've never seen it though.

    --
    No sig today...
  9. Re:The widget is "Secret Crush" (saving you a clic by Anonymous Coward · · Score: 4, Informative

    According to "blog.zango.com" (found by a Google search "facebook widget zango") the widget is now called "My Admirer".
    Facebook is going to hell in a handbasket. They should never have opened to "anyone with an email address"; that's just asking for trouble. At least they're making money, right?