Facebook "stalking" apps are all rogue

 

Gallery

Posted on 17 Mar 2010 at 12:39

Rogue applications continue to exploit the trust Facebook users put in their friends. One of the most common rogue apps claims that it will let you see who's been looking at your profile. Unlike traditional malware, rogue apps of this sort can't directly harm your PC. However, using them gives them access to your profile, your friends and all the personal information your settings allow them to see.

Rik Furguson of Trend Micro detected at least 25 different copies of the same rogue app under a variety of names. Some of these apps are extremely convincing – even we were almost duped when we first saw the 'Who is checking your profile?' app. Cleverly, the app generates "results" by picking 20 of your friends at random, inserting their images into a smart-looking photo montage and tagging them in it so they all receive notifications.

Furguson writes "Facebook users may notice wall posts or receive notifications from their friends, unwitting victims all, encouraging them to install the rogue app, along with bogus assurances on its reliability."

Facebook is working as quickly as possible to delete the applications, but variations of the same apps keep popping up under different names. A quick look at our friends' photo stream showed that 10 of the last 20 images posted were generated by one of these apps. The example above was originally posted by Rik over at the Trend Micro Countermeasures blog.

Currently, apps aren't vetted before they go up on Facebook. This allows users plenty of freedom to create the pointless and badly spelled quizzes that appear to be the lifeblood of social networking, but it also means that malicious or fraudulent applications can't be filtered out before they go live.

As Furguson notes, "now that these things are becoming a regular occurrence there must be a tremendous burden being placed on the incident response handlers at Facebook that could be better channelled into an application vetting process".

Until the situation changes, all you need to do to stay safe is be observant and avoid adding anything that seems too good to be true.

Remember: there's no way of seeing who's been viewing your Facebook profile. Any app that claims to do this is trying to pull the wool over your eyes.

Author: Kat Orphanides