Feb 27, 2009 (01:02 PM EST)
Facebook's New Openness Exploited By Scammers
Read the Original Article at InformationWeek
As Facebook moved to undo the damage it had done by altering its terms of service without letting anyone know, scammers were trying to turn the company's misstep into an opportunity.
Facebook users have been victimized by a rogue application -- several variants actually -- that appears to have been designed to exploit public interest in the controversy surrounding Facebook's terms of service.
According to Trend Micro, the rogue program posted notification messages to user profiles that claimed that a friend had just reported the user for violating the site's terms of service. The messages advised recipients to click on a Facebook application link to find out why.
The messages said a friend of the recipient "has just reported you to Facebook for violating our Terms of Service. - This is your official warning! - [Click here to find out why you were reported!] - Request Facebook look at what has happened and rule immediately."
The link led to an application called "f a c e b o o k -- closing down!!!" Once installed, it spammed the victim's friend list with the same warning message, and possibly harvested personal information in the process.
This is the second such attack in the past week. Last weekend, a rogue application called "The Error Check System" was detected and is suspected to have been harvesting personal information from those duped into installing it.
"Our team has disabled this application for violating the Facebook developer terms of service," a Facebook spokesperson said in an e-mail. "Some additional versions of it have sprung up, and we've disabled these as well. We're actively monitoring the site for others and are working on blocking the application completely."
Facebook did not respond to a request to provide information about the number of users affected.
In announcing the changes to its rules on Thursday, Facebook CEO Mark Zuckerberg said, "Our main goal at Facebook is to help make the world more open and transparent."
But Trend Micro threat research manager Jamz Yaneza argues that Facebook needs to be more closed and opaque, at least with regard to its developers. "Facebook initially created APIs to have developers create applications, like what Apple is doing for the iPhone," he said in a phone interview. "But what Apple is doing right is they have a very strict vetting program."
Facebook began its application verification program only last month, he said, and urged the social network to exercise more control over third-party Facebook applications.