Facebnook Widget installs Zango

[TeMerc]

2008.January.02 Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware. The malicious widget, called "Secret Crush" first appears as a Facebook request 'secret crush'.In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush'.Clicking the "Find Out Who!" button leads to the standard third-party application install page essentially stating that the referred application will be granted access to user's details upon installation. FortiGuard CenterSource: Sunbelt

[Guitar Man]

After MySpace, it's Facebook that is being targeted with this trash... How to prey on the innocent and ignorant at one place ! I'm tempted to say that it serves you right to expose your life as an open book for all to see.There. I said it ! If you know anyone that uses Facebook, and you care about them enough, forward this ASAP.

[TeMerc]

Zango's in your Face(book)

The Zangonistas are at it again, this time deftly disguising their "software" as a Facebook Widget. Fortinet, who discovered the issue, discusses the "Secret Crush" widget at length, so no need to repeat their extensive effort.Instead, I'd like to offer a bit of analysis, then invoke a debate.

Detailed analysis @ HolisticInfoSec.org

[TeMerc]

Rebuttal by Zango below and FYI this Zango post:

Zango Advisory: As of this posting, the Zango security team has observed that the Secret Crush widget on Facebook is now called the “My Admirer†widget.

So if it's so innnocent why the name change??

[TeMerc]

Facebook dumps Secret Crush application over spyware claimPosted by Caroline McCarthy January 7, 2008 Good riddance: Facebook has banned the "Secret Crush" application due to its affiliation with a notorious spyware manufacturer.The social-networking site confirmed the breakup on Monday: "Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware," a statement from the company read. "We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service."CNET

[TeMerc]

PG weighs in on the whole Facebook\Zango thing and oddly enough, or rightly so, is almost on Zango's side. Ya you read that right.

Like everyone else, I went "ooooh" when I first heard about this. For those who don't know, an application on Facebook - when you installed it - "installed Zango spyware" (according to the numerous writeups), meaning the Zango Adware was the final destination, the main reason, for making this application in the first place.However, Zango came out swinging with their latest blog post and also claimed they have no affiliation with the makers of the Secret Crush application, which seems a little odd considering the maker of the application would have no direct incentive to install their Adware if they didn't have an account with them.They also posted up a screenshot that seems to show the application merely showing randomly selected adverts - not just an advert for Zango.

More @ Vital Security