The exploitation of social networking sites and other popular Web sites is a growing trend. Recently, yet another exploit was discovered in which Facebook users fell prey and wound up with spyware on their computers.
According to evidence collected by Fortinet, some of Facebook's users received a request to interact with a mini Facebook application (sometimes known as a widget) that posed as a message from someone with a "secret crush" on the recipient. When opened, the application invites the reader to find out who has the crush on them, and the reader must acknowledge that using the application might reveal their personal information.
However, instead of informing the reader who has a crush on them, the reader is further enticed and strung along unwittingly. A suggestion is presented that tells the reader they must send the "secret crush" invite to five of their friends, and the reader is left to believe that only then will information be revealed about who has a crush on them.
The application then loads a page that invites the user to download an alleged horoscope application. As it turns out, the horoscope application, which is spyware, is hosted at Zango.com by a Zango affiliate.
The overall tactic in this exploit is to prey on common human weaknesses. The bait readily lures the reader into installing and spreading the application on behalf of Zango and its affiliates. The bottom line is that the application is a devious social networking worm.
"Needless to say, in a digital world where web traffic equals money, [a large user base such as Facebook's] attracts spammers, virus/spyware seeders, and other [non-ethical] online marketers like honey would attract flies," a spokesperson for Fortinet said.