Tales from the Net

a work in progress

Saturday, January 5, 2008

Beware of a “Secret Crush” on Facebook

There’s a application called “Secret Crush” on Facebook whose entire purpose is to trick the user into installing the spyware/adware package Xango.  Fortinet’s description on Help Net Security has some excellent screenshots.  Facebook applications are likely to be fertile grounds for social engineering attacks because the invites usually come from your friends.  Not only that, when applications install they require you to give the application permission to all your information, and encourages to spam your friends with invitations.  After consenting to that, actions you’d typically think twice before doing  (like “download spyware now”) seem pretty natural.

Some of the comments in the Slashdot discussion imply that Facebook’s already deactivated the app; no word on how many users were affected.  The timing of this and the Facebook phishing attack Ryan Singel might just be coincidence; then again, it might be more evidence of a trend to increased spamming and scamming in the Facebook world.

posted by Jon at 3:03 pm  


  1. intellectual property is not really respected in most countries in asia where piracy is so rampant.’:*

    Comment by Holly Martin — July 23, 2010 @ 9:22 am

  2. there are so many intellectual property and copyright violations these days*’.

    Comment by Lucas Parker — September 9, 2010 @ 10:37 am

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress