Never Texting Again: Facebook rogue app spreading quickly

July 8, 2010 by admin
Filed under Security News

Updated Over 290,000 people have in the last few days clicked on a link that is spreading virally across Facebook, claiming to point to a video of someone who died after sending a text message on their cellphone.

The links are being posted on innocent Facebook users’ walls by a rogue application. A typical message posted by the rogue application reads:

I am shocked!!! I'm NEVER texting AGAIN since I found this out. Video here: http://bit.ly/a37TaB - Worldwide scandal!

If you do make the mistake of clicking on the link then you are taken to the rogue Facebook application

texting click here Never Texting Again: Facebook rogue app spreading quickly

texting permisson Never Texting Again: Facebook rogue app spreading quickly

The problem is that even though Facebook is warning users that they are giving the “I will never text again after seeing this” application permission to post to their wall (as well as access their personal information) many people are still go ahead and press “allow”.

Why should you ever have to grant an application such permissions in order to watch a video?

Sigh.. Sometimes you just feel like you’re hitting your head against a brick wall..

Sure enough – with the permission granted, the application begins to spread its links virally via your Facebook profile:

I'm Never Texting Again Since I Found This Out <name> has seen a shocking video, which shows someone dying because of texting

Properly cleaning-up your account after you have given permission for the rogue application to access your Facebook account takes two steps. But I’ll throw in a third for good measure.

1. Remove the application
Firstly, visit your Application Settings on Facebook and click on the “X” to remove the app from your profile.

texting application settings Never Texting Again: Facebook rogue app spreading quickly

You will be asked to confirm if you really want to remove it. Obviously the correct answer is to go ahead and remove it.

texting remove Never Texting Again: Facebook rogue app spreading quickly

2. Clean-up your wall
With the application gone, you now need to clean-up your own wall – and stop advertising the link (and rogue application) to your online friends. Hovering your mouse over the posts on your wall should display a “Remove” option which will allow you to sanitise the news feed you are sharing with others.

3. Get smart
There are only two things you need to do to clean-up your Facebook account, but I’d recommend you get yourself educated about internet threats too, so you’re wise to these sort of attacks in the future. If you’re regular user of Facebook, you should really join the Sophos page on Facebook to be kept informed of the latest security scares and attacks.

Try not to laugh xD: Worm spreads via Facebook status messages

May 21, 2010 by admin
Filed under Security News

3 Comments

A clickjacking worm spread quickly across Facebook earlier today, tricking users into posting it to their status updates.

try not to laugh Try not to laugh xD: Worm spreads via Facebook status messages

The worm, which some have dubbed Fbhole because of the domain it points to, posts a message like the following:

try not to laugh xD http://www.fbhole.com/omg/allow.php?s=a&r=<random number>

Clicking on the link would display a fake error message that would trick you – through a clickjacking exploit – to invisibly push a button that would publish the same message to your own Facebook status update. We’ve seen clickjacking exploited by hackers before in attacks on social networks, for instance in the “Don’t click” attack seen on Twitter in early 2009.

READ MORE…. and see the video

Tags: Attacks, Facebook, Fake, fake error message, social network, Social Networks, Sophos, Spread, status messages, status updates, WARNING