Rogue Facebook application infects 5 million users in two days

GFI noted that many of the Facebook scams centered on the recent earthquake and nuclear emergency in Japan.

“In March, we saw an apparently endless collection of scams related to the earthquake and tsunami in Japan, including fake donation websites, Facebook clickjacking and 419 spam emails”, commented Christopher Boyd, senior threat researcher with GFI Software. “In addition, we also observed search engine poisoning involving radiation levels that sent people to malware sites.”

GFI’s data, collected from users of its ThreatNet automated threat tracking system, showed that trojans made up 8 of the top ten malware detections during March, with the remaining two comprising adware infections.

Meanwhile, Webroot issued a warning about a rougue Facebook application that has apparently netted almost 5 million users. According to Webroot malware expert Andrew Brandt, it is actually a collection of several duplicate apps “with slightly different names”.

The Facebook worm, says Brandt, “appears to have been engineered to drive traffic to a sleazy online advertising network which tries to [convince] people into installing software and disclosing a great deal of personal information about themselves in return for the promise of outrageously large gifts or prizes”.

Brandt reports that the ads are being served up by impressionlead.com, which asks visitors to complete a survey that includes personal information, or to install gaming software from a website called Playsushi. This type of malware, which many call ‘adware’, then uses the Facebook chat tool to spam out short links to the user’s entire friend list.

The malware expert outlined each step of the adware scam in a recent security blog post.

“Hundreds of shortlinks being used in the campaign lead to different websites, but they all work in identical fashion”, Brandt added. In just two days, Webroot tracked more than 300 internet domain names that were involved in the Facebook ruse and has since contacted the domain registrar.

What’s Hot on Infosecurity Magazine?