Jump to content
Sign in to follow this  
TeMerc

Facebnook Widget installs Zango

Recommended Posts

2008.January.02 Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware. The malicious widget, called "Secret Crush" first appears as a Facebook request 'secret crush'.In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush'.Clicking the "Find Out Who!" button leads to the standard third-party application install page essentially stating that the referred application will be granted access to user's details upon installation. FortiGuard CenterSource: Sunbelt

Share this post


Link to post
Share on other sites

After MySpace, it's Facebook that is being targeted with this trash... :pirate: How to prey on the innocent and ignorant at one place ! I'm tempted to say that it serves you right to expose your life as an open book for all to see.There. I said it ! B) If you know anyone that uses Facebook, and you care about them enough, forward this ASAP.

Share this post


Link to post
Share on other sites

Zango's in your Face(book)

The Zangonistas are at it again, this time deftly disguising their "software" as a Facebook Widget. Fortinet, who discovered the issue, discusses the "Secret Crush" widget at length, so no need to repeat their extensive effort.Instead, I'd like to offer a bit of analysis, then invoke a debate.
Detailed analysis @ HolisticInfoSec.org

Share this post


Link to post
Share on other sites

Rebuttal by Zango below and FYI this Zango post:

Zango Advisory: As of this posting, the Zango security team has observed that the Secret Crush widget on Facebook is now called the “My Admirer†widget.
So if it's so innnocent why the name change??

Share this post


Link to post
Share on other sites

good question.if people were "givers" and not "takers" greed would evaporate and so would the likes of this carp.isn't it this facebook that sold part of itself to ms for $200 million? (3% of its self-proclaimed value?)i am all for ==business== making money, but not by gathering a person's info they hold private... (or at least think they do...)

Share this post


Link to post
Share on other sites

Facebook dumps Secret Crush application over spyware claimPosted by Caroline McCarthy January 7, 2008 Good riddance: Facebook has banned the "Secret Crush" application due to its affiliation with a notorious spyware manufacturer.The social-networking site confirmed the breakup on Monday: "Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware," a statement from the company read. "We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service."CNET

Share this post


Link to post
Share on other sites

PG weighs in on the whole Facebook\Zango thing and oddly enough, or rightly so, is almost on Zango's side. Ya you read that right.

Like everyone else, I went "ooooh" when I first heard about this. For those who don't know, an application on Facebook - when you installed it - "installed Zango spyware" (according to the numerous writeups), meaning the Zango Adware was the final destination, the main reason, for making this application in the first place.However, Zango came out swinging with their latest blog post and also claimed they have no affiliation with the makers of the Secret Crush application, which seems a little odd considering the maker of the application would have no direct incentive to install their Adware if they didn't have an account with them.They also posted up a screenshot that seems to show the application merely showing randomly selected adverts - not just an advert for Zango.
More @ Vital Security

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...