Over the weekend, an application of extremely dubious intent was released on Facebook. Called “The Error Check System”, the application appears to be non-destructive, but it spread very quickly and very widely and could in the process have collected thousands, even hundreds of thousands, of personal details.
The application sent out notifications to Facebook users stating that one of their friends “has faced some errors when checking your profile” and prompted them to click a link to “View the Errors Message.”
Figure 1. Fake notifications.
Exploiting users’ fears, uncertainties, doubts, and of course their trust in their friends, ensured the fast spread of this application in the span of time it was available on Facebook.
Facebook applications need to ask the user’s permission first to access the personal information in their profile. A normal Facebook application installer screen looks like this:
Figure 2. Facebook application installer.
The “Errors Message” application redesigned the standard content of this screen to appear like the image below, making no mention of seeking permission to access the user’s information and friends list:
Figure 3. “Errors Message” installer.
Once the rogue application is activated, or rather installed, and has access to all profile information, a user sees the following screen:
Figure 4. Note the poor grammar (again).
Finally, the application helpfully suggests that the user might want to check friends’ profiles for errors, so, in essence, the propagation continues:
Figure 5. Friends of an affected user may be future victims.
An interesting side note to this whole affair is what happened on Google search during the time this application was spreading on Facebook. The search term “Error Check System” returned results that were actually pointing to malware and rogue AV applications.
It appears, then, that the purpose of this Facebook application, other than to steal profile information, is to drive people to Google, where dangerous links are ready and waiting. This seems like another case of Search Engine Optimization (SEO) poisoning.
Google searches for the string “gmail down” (after a Gmail outage) yielded top results that led to malware earlier this week. This series of attacks again shows that cybercriminals are intent on exploiting the trust users have in search engines and the results they give back.
Note: All images in this blog post come from http://www.allfacebook.com and were used with permission.