Feb26
3:36 am (UTC-7)   |   by Rik Ferguson

Over the weekend, an application of extremely dubious intent was released on Facebook. Called “The Error Check System“, this said application appears to be non-destructive, but spread very quickly and very widely and could in the process have collected thousands, hundreds of thousands even, of personal details.

The application sent out notifications to Facebook users stating that one of their friends “has faced some errors when checking your profile” and prompted them to click a link to “View the Errors Message.”


Figure 1. Fake notifications.

Exploiting users’ fears, uncertainties, doubts, and of course their trust in their friends, ensured the fast spread of this application in the span of time it was available on Facebook.

Facebook applications need to ask the user’s permission first to access the personal information in their profile. A normal Facebook application installer screen looks like this:


Figure 2. Facebook application installer.

The “Errors Message” application redesigned the standard content of this screen to appear like the image below, making no mention of seeking permission to access the user’s information and friends list:


Figure 3. “Errors Message” installer..

Once the rogue application is Activated or rather installed in a system and has access to all profile information, a user sees the following screen:


Figure 4. Note the poor grammar (again).

The application finally helpfully suggests that the user might want to check friends’ profiles for errors, so in essence, the propagation continues:


Figure 5. Friends of an affected user may be future victims..

An interesting side note to this whole affair is what happened on Google search during the time this application was spreading on Facebook. The search term “Error Check System” returned results that were actually pointing to malware and rogue AV applications.

It appears then, that the purpose of this Facebook application, other than to steal profile information, is to drive people to Google where dangerous links are ready and waiting. This seems like another case of Search Engine Optimization (SEO) poisoning.

Google searches for the string gmail down (after a Gmail outage) yielded top results that led to malware earlier this week. These series of attacks again show that cybercriminals are intent on exploiting the trust users have on search engines and the results they give back.

Note: All images in this blog post come from http://www.allfacebook.com and was used with permission.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Thursday, February 26th, 2009 at 3:36 am and is filed under Security . You can leave a response, or trackback from your own site.



15 Responses to “Rogue Facebook App Linked to Blackhat SEO”

Trackbacks

  1. Rogue Facebook App Linked to Blackhat SEO « SEO
  2. Rogue Facebook App Linked to Blackhat SEO | SEO News & Views
  3. Rogue Facebook App Linked to Blackhat SEO | vertical8seo.com
  4. SpywareHammer (Spyware Hammer)
  5. smittysue (smittysue)
  6. mckennasmark (Susan McKenna)
  7. A Second Rogue Facebook Application in Just a Week? | Malware Blog | Trend Micro
  8. BizFractals » Blog Archive » Facebook gets hit twice in a week
  9. Malware Tricking Search Engines, and You Too (PC Magazine) | One Public voice
  10. MALWARE TRICKING SEARCH ENGINES, AND YOU TOO (PC Magazine) | Software Blog
  11. Facebook’s Security Team Fighting Battles on Multiple Fronts
  12. A Second Rogue Facebook Application in Just a Week? - All About Virus
  13. Pathien (Patrick Quang Thien)
  14. Topics about Top-trends » Rogue Facebook App Linked to Blackhat SEO | Malware Blog | Trend Micro
  15. Facebook : Nouvelles menaces | Jokester

Leave a Reply


UK Justice Minister Jack Straw’s Account Used for 419 Scam
Xbox Live Losers Resort to Hacking


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice