Facebook's New Openness Exploited By Scammers

The rogue message leads to a Facebook application link that spams a victim's friend list with the same warning message, and possibly harvests personal information.

Thomas Claburn, Editor at Large, Enterprise Mobility

February 27, 2009

2 Min Read
InformationWeek logo in a gray background | InformationWeek

As Facebook moved to undo the damage it had done by altering its terms of service without letting anyone know, scammers were trying to turn the company's misstep into an opportunity.

Facebook users have been victimized by a rogue application -- several variants actually -- that appears to have been designed to exploit public interest in the controversy surrounding Facebook's terms of service.

According to Trend Micro, the rogue program posted notification messages to user profiles that claimed that a friend had just reported the user for violating the site's terms of service. The messages advised recipients to click on a Facebook application link to find out why.

The messages said a friend of the recipient "has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - [Click here to find out why you were reported!] - Request Facebook look at what has happened and rule immediately."

The link led to an application called "f a c e b o o k -- closing down!!!" Once installed, it spammed the victim's friend list with the same warning message, and possibly harvested personal information in the process.

This is the second such attack in the past week. Last weekend, a rogue application called "The Error Check System" was detected and is suspected to have been harvesting personal information from those duped into installing it.

"Our team has disabled this application for violating the Facebook developer terms of service," a Facebook spokesperson said in an e-mail. "Some additional versions of it have sprung up, and we've disabled these as well. We're actively monitoring the site for others and are working on blocking the application completely."

Facebook did not respond to a request to provide information about the number of users affected.

In announcing the changes to its rules on Thursday, Facebook CEO Mark Zuckerberg said, "Our main goal at Facebook is to help make the world more open and transparent."

But Trend Micro threat research manager Jamz Yaneza argues that Facebook needs to be more closed and opaque, at least with regard to its developers. "Facebook initially created APIs to have developers create applications, like what Apple is doing for the iPhone," he said in a phone interview. "But what Apple is doing right is they have a very strict vetting program."

Facebook began its application verification program only last month, he said, and urged the social network to exercise more control over third-party Facebook applications.


Is social networking a time waster or the next big thing in collaboration? InformationWeek has published an independent analysis of this topic. Download the report here (registration required).

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights