Facebook Widget Installs Zango!

2008.January.02

Fortinet Global Security Research Team discovered a malicious Facebook Widget (officially, a "Platform Application ") actively spreading on the social networking site which ultimately prompts users to install the infamous "Zango" adware/spyware.

The malicious widget, called "Secret Crush" first appears as a Facebook request 'secret crush'.

In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush'.

Clicking the "Find Out Who!" button leads to the standard third-party application install page essentially stating that the referred application will be granted access to user's details upon installation.

FortiGuard Center

Source: Sunbelt

 

Thanks TeMerc

Have two computers / users in the house that use Face Book. I do not, so I'm not that familiar with how Face Book interfaces between the browser / adding Face Book Widget - Secret Crush and my layered defenses.
The two computers are ....
1) Kids computer - HP/XP Home/SP2 - all updates - XP Limited Account - Comodo Firewall - AVG free. Also has Blue Coat - K9 Web Protection (commercial grade - free for non-commercial use).
2) Wife's computer - w98SE - All updates through end of MS support - AVG Free.

Both computers have SpywareBlaster, but do not run any active scanning malware programs. All of use Fire Fox / current.

In addition, run Netgear WGT624 router. Using reserve IP option allows me to control all network IP assignments, creating a pseudo static IP network. This allows my IP to be put in a "Trusted address" and all other networked IP's through a blocked / filter list. Currently I'm filtering for the following file types ...
bat, dll, exe, msi, pif, scr, shs, vbs, zip

I can tell kids / wife "Do Not Install this nasty widget ". Is their anything I can do via security to block it. Trying to block a site or a file name is a moving target. If it requires a executable install, I should be coverd. When it comes to browser addons / Internet widgets, I get nervous.

 

I've avoided the widgets over there exactly due to this potential.

Any I had, I'm removing. I don't have that many contacts on that thing anyways.

 

Rebuttal by Zango below and FYI this Zango post:

So if it's so innnocent why the name change??

 

Facebook dumps Secret Crush application over spyware claim
Posted by Caroline McCarthy
January 7, 2008

Good riddance: Facebook has banned the "Secret Crush" application due to its affiliation with a notorious spyware manufacturer.

The social-networking site confirmed the breakup on Monday: "Facebook is committed to user safety and security and, to that end, its Terms of Service for developers explicitly state that applications should not use adware and spyware," a statement from the company read. "We have contacted the developers and have disabled the Secret Crush application for violating Facebook Platform Terms of Service. "

CNET

 

PG weighs in on the whole Facebook\Zango thing and oddly enough, or rightly so, is almost on Zango's side. Ya you read that right.

More @ Vital Security

 

Thanks for all the updates TeMerc.
It's unfortunate companies such as "Zango" are in business.
Their constant ploy of misdirect / misinformation has a problem of sticking to anything that comes close. .. which can be a ploy itself. If someone keeps screaming "Wolf, Wolf" and nothing happens, you let your defenses down. It' a crazy, mixed up world in the land of Internet.