• On GameSpot: Want some help with holiday gifts?
August 20, 2009 10:18 AM PDT

Facebook disables 6 rogue phishing apps, but 5 more appear

by Elinor Mills
  • Font size
  • Print
  • 8 comments

Facebook on Thursday said it had disabled six rogue apps that were stealing Facebook users' log-in credentials and spamming people, and within hours more appeared.

Five more of the apps appeared on Thursday, called "Friends," "Friends Gifts," "Matching," "Pok," and "Your Photos," according to an updated blog post by Trend Micro researcher Rik Ferguson.

By that night those new ones were disabled too. Facebook "will continue to ensure that all applications on Facebook Platform comply with Facebook policies," a spokeswoman for the company said.

According to Ferguson's post: "The new rogue apps take the same format as previously but use different application icons, have slightly more credible notifications to your friends and also now feature bogus notifications to the profile owner, presumably in an effort to persuade the victim to install further apps and maximise the fraudsters' advertising returns."

He had discovered six rogue apps earlier in the week. One of those was disabled as of Wednesday, and later the other five from the first batch were disabled.

Before the apps were removed, victims had been receiving notifications that someone had commented on a post of theirs. The notifications contained links to a phishing site where users were prompted to provide their Facebook log-in credentials and then prompted to install one of the rogue apps, according to Ferguson. Once the app was installed, the victim's friends were spammed.

Updated at 10:44 p.m. PDT with Facebook disabling the five new apps and at 12:43 p.m. with discovery of five new rogue apps.

Originally posted at InSecurity Complex
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Privacy and data protection

Tags:

Facebook,

phishing,

spam

Share:
Digg
Del.icio.us
Reddit
Recent posts from Security
Log in with your face
See what's under McAfee's new interface
26 Windows, Office holes patched in 13 bulletins
McAfee: Spammers exploiting more news stories
Microsoft, Google split over browser bug bounty
Verizon temporarily blocks some 4chan sites
Security software maker Vitamin D exits beta
China breaks up Black Hawk hacking ring
Related
Social-networking spam hit business hard in '09
Twitter resets passwords after phishing attack
Researchers: Facebook vulnerable to clickjacking
Facebook looking to beef up e-commerce team
Facebook revamps home page
More social, please: Facebook nixes banner ads
Web searches for iPad leading to malicous sites
Finally! Comment on Facebook through e-mail
Add a Comment (Log in or register) (8 Comments)
  • prev
  • next
by ablackberryblog August 20, 2009 3:40 PM PDT
Facebook will be replaced by another social networking site in a few years. <br /> <br />http://www.ablackberryblog.com
Reply to this comment
by toosday August 21, 2009 4:19 AM PDT
For a moment, I thought you were going to say that the app "Causes" went rogue. If I get another "Causes" app invite from my friends, I swear... :)
Reply to this comment
by Seaspray0 August 21, 2009 7:14 AM PDT
elinor, can you provide some detail on the servers running facebook?
Reply to this comment
by elinormills August 21, 2009 9:02 AM PDT
I'm afraid I can't. Facebook doesn't disclose that kind of information.
by Cyrn August 21, 2009 9:12 AM PDT
Facebook have to check such apps that are in other languages too. I've just got an "invite" ;)
Reply to this comment
by cnarad August 24, 2009 12:27 PM PDT
I have gotten over 100 false notifications in less than two weeks. I reported this but so far - no response. I also followed suggestions in their security measures..........no diference!
Reply to this comment
by kenpfeil August 25, 2009 2:14 AM PDT
Anyone else notice that to in order to leave a comment you can sign in with a phishbook account? Too funny.
Reply to this comment
by freebird1974 August 25, 2009 4:32 AM PDT
Great, this is the same crap that happened to MySpace and the reason I was busy working on computers cleaning up the crap MySpace left. So now I will get more business cleaning up the crap that FaceBook leaves behind. I love and hate these sites. One, because of the mess they can make with viruses, Trojans, adaware, spyware. Two is I make money cleaning the messes up. so it is a bad thing for users good thing for me.
Reply to this comment
(8 Comments)
  • prev
  • next
advertisement

Google's social side aims for some Buzz

Facebook and Twitter are the darlings of the social-media world, not Google--which hopes to change that with Buzz, betting it can organize your online social life.

Watching the birth of a gaming start-up

Stewart Butterfield and his friends are back at it with a new company. CNET's Daniel Terdiman was given exclusive, behind-the-scenes access as they built it from scratch.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET