New Adware Targets Facebook
"This is a very popular technique for Web attacks that we're seeing," said Derek Manky, senior research engineer at Fortinet, which first discovered the malware Jan. 1. "It's using trusted friends from the network rather than any kind of spam."
The new widget is hosted through Facebook's popular "Secret Crush" feature, which invites users to find out which one of their "friends" might really be an admirer. By the time the worm was detected earlier this week, security researchers estimated that the widget had affected more than 3 percent of Facebook's 43 million users.
"This is just the tip of the iceberg," said Manky. "We're just waiting to hear feedback and see what the aftermath will be."
The multifaceted attack uses social engineering coupled with adware/spyware technology. Initially, Facebook users see a request that comes in the form of a platform application widget notifying them they have a "Secret Crush" invitation. When users click on the "find out who" tab, they are then asked to accept a disclaimer from Facebook's terms of service, which many "just blindly click through."
"At this point they'll want to get on with it and see who has a secret crush on them," said Manky.
Upon accepting the terms of the disclaimer, the widget asks the user to click a second button recommending five "friends," which serves to propagate the malware to other Facebook users. After the recommendations are sent, the widget displays an iframe (a window embedded inside the Facebook Web page) that points to an external application. Instead of finding out their "secret crush," users get treated to the Zango adware Web site.
"Once the request comes in, it's relying on human curiosity to leverage the attack," said Manky. "It's leveraging a trusted network, trusted friends. They'll be really good friends most of the time in real life."
"That's what makes it so effective," he added.
Manky said that while this particular Facebook widget appeared to be financially motivated, it so far has not been found to harm users' computers. However, this form of malware could be used to "point the Web site to malicious code and compromise the system."
"In this case it turned to Zango's Web site," said Manky. "With adware, everything is based off of revenue from affiliates."
Security professionals recommend that users keep their antispyware and antivirus software updated and ensure that all Web browsers and operating systems have the latest patches installed. In addition, security researchers advise that users exercise caution when clicking on unsolicited links.
"It comes down to education, taking some time to read these terms of service and disclaimers, even if it seems it's coming from a trusted friend," said Manky.
Fortinet said that the company notified Facebook Wednesday about the adware. Facebook did not immediately respond to queries from CRN.