14 Mar
Article from Rik Ferguson
Filed under: Family Safety, Opinion, Social Engineering, Web 2.0, spam | Tags: Facebook, spam, spamvertising, web | 26 Comments
Yet another variation on a spam theme for Facebook to deal with tonight. I have identified at least 25 different copies of the same rogue app with names such as peeppeep-pro, profile-check-online and stalk-my-profile.
A wave of applications has been published that promise to reveal the truth about which of your friends are viewing your Facebook profile. The promise is worthless and the apps are bogus.
Facebook users may notice wall posts or receive notifications from their friends, unwitting victims all, encouraging them to install the rogue app, along with bogus assurances on its reliability.
The app itself is designed to look convincing enough, but none of the many “Continue” buttons it offers will activate some under-the-counter profile checking functionality; they will just push you into another Facebook app, earning the scammer advertising revenue in the process.
In an interesting twist on the now familiar theme, at least one version of the rogue app will create a photo montage of all the infected user’s friends, tag it so that they all receive notifications and then post the photo.
These changes in scam tactics are clearly designed to overcome the changes that Facebook made recently to application functionality, including removing the ability for applications to send notifications directly.
I can see that Facebook are actively combating these applications as they are posted, even on a Sunday evening, which is commendable, but I said it first back in February 2009: isn’t it time Facebook at least had a review of their application publishing policy? The idea was dismissed back then, but now that these things are becoming a regular occurrence, there must be a tremendous burden being placed on the incident response handlers at Facebook that could be better channeled into an application vetting process.
For now though, just don’t click the links; they will disappear from your streams as Facebook remove the offending apps. There is no officially sanctioned Facebook functionality that will allow you to view who has been checking your profile.
A quick look in your Photo stream will show you how widespread the victims of this scam are:
Kurt: Monday, 15. March 2010 at 5:47 pm
Yes, this is exactly what I activated — do you have “countermeasures?”

Rik Ferguson: Monday, 15. March 2010 at 5:50 pm
I would imagine whichever app you activated has already been removed by Facebook; they were working the late shift on this one! I would suggest deleting any photo the app posted on your profile and not falling for it again :)

Value of “who is stalking me” functionality – RainbowInWater: Monday, 15. March 2010 at 10:51 pm
[...] viewed their profile that they are continuously falling for the scam. In fact there are at least 25 different versions of this application on [...]

It’s Time For Facebook – Or, At Least, Someone – To Vet Third-Party Applications « dougv.com « The Web home of Doug Vanderweide: Tuesday, 16. March 2010 at 1:33 am
[...] like to expand upon a central tenet of a blog post offered by Rik Ferguson of Trend Micro, from which The Register drew its article: That it’s high time Facebook employed some sort of [...]

“Who’s Stalking My Profile?” on Facebook Doesn’t Work » TECH BOTTLE http://tbottle.com: Tuesday, 16. March 2010 at 2:06 am
[...] you into another Facebook app earning the scammer advertising revenue in the process.” He reports that Facebook is removing the offending [...]

Iedereen veilig online » Blog Archive » Wie heeft je Facebook profiel bekeken?: Tuesday, 16. March 2010 at 9:56 am
[...] Trendmicro [...]

Facebook users succumb to addon scam | Consider IT: Wednesday, 17. March 2010 at 10:49 am
[...] Facebook app earning the scammer advertising revenue in the process,” Ferguson explains in a blog post containing screenshots illustrating the scam, which resurfaced over the weekend. “There is no [...]

Trend Micro waarschuwt voor schadelijke Facebook-applicatie | Beveiligingslog: Wednesday, 17. March 2010 at 12:22 pm
[...] For more information (in English) about these malicious social media applications, see http://countermeasures.trendmicro.eu/whos-checking-your-facebook-profile-scammers. [...]

africantrader: Wednesday, 17. March 2010 at 5:57 pm
I’m with “onobrahs”. I so rarely check FB anymore. The apps are especially annoying. All (most) your friends telling you what kind of animal, or flower or house or whatever they are.

Facebook users warned over stalk-my-profile scam | Computing: Wednesday, 17. March 2010 at 6:26 pm
[...] Facebook app earning the scammer advertising revenue in the process,” Ferguson explains in a blog post containing screenshots illustrating the scam, which resurfaced over the [...]

James Wallis Martin: Wednesday, 17. March 2010 at 8:42 pm
In order to prevent any spam or hacking, simply don’t use any of the Facebook apps. If you are concerned about an app filling your inbox, turn off the app in your settings. I don’t see the big deal. If you want to be anti-social and not reconnect with your friends from around the world, that is your choice, but I am sure your friends will miss you. Walking away means the spammers have beaten you. Just turn off all the apps. If Facebook doesn’t constantly change and keep up with the changes to social networking they will become antiquated. The world is changing constantly, adapt or fall behind and the pace of change is only going to get faster.

SearchCap: The Day In Search, March 17, 2010: Wednesday, 17. March 2010 at 10:03 pm
[...] Who’s checking your Facebook profile? Scammers., CounterMeasures [...]

Scary ‘Stalker Apps’ Silenced by Facebook Due to Security Concerns | Everything's Social: Thursday, 18. March 2010 at 1:50 am
[...] and could lead unsuspecting users to sites containing more malicious software or viruses. CounterMeasures demonstrates how many applications earn money by linking users to different Facebook apps and by [...]

Trend Micro waarschuwt voor schadelijke Facebook-applicatie | Computertaal: Thursday, 18. March 2010 at 8:03 am
[...] for more information (in English) about these malicious social media applications, see http://countermeasures.trendmicro.eu/whos-checking-your-facebook-profile-scammers. [...]

Matt Murphy: Thursday, 18. March 2010 at 9:27 am
I first became aware of this app about 10 days ago when I was invited by both my wife and my sister in law. I noticed that it was automatically posting on my Facebook wall with comments that I never made. Nothing untoward, just general crap like “Matt Murphy likes this, it work’s!” I also noticed that it was making a very generic montage of friends, seven of which I knew hadn’t been on Facebook for weeks and one that I’d only just sent a friend request to (and hadn’t replied yet), so I thought something was a bit sus. Getting rid of it? Easy but frustrating, as the app keeps making new posts while you are deleting the last, but this is how I got rid of it.
1- Delete the app from applications page (do this prior to deleting posts or it just adds more posts).
2- Go to your profile and delete all references to the app.
3- Go to your photos and delete all montages and the albums it creates.
4- Warn everyone in your friends list and ask them to warn everyone they know.
5- Do a search for the person who originated the app (go to the home page you got it from and go to its wall, the developer will be listed). Then annoy the crap out of them, let your friends know about the developer, get them to do the same, then report them.
Hope this helps, but to ensure that an app is genuine, and actually sent from one of your friends, IM them or send an email for them to confirm. Or just don’t use apps.

Episode 90 – What’s in your career plan? | InfoSec Daily: Friday, 19. March 2010 at 1:52 am
[...] Facebook app earning the scammer advertising revenue in the process,” Ferguson explains in a blog post containing screenshots illustrating the scam, which resurfaced over the [...]

Facebook Blocked Checking-My-Profile Scam :: Facebook Wall: Friday, 19. March 2010 at 5:26 am
[...] to Rik Ferguson, a Senior Security Consultant at Trend Micro, he has already identified 25 different copies of the [...]

Facebook Roundup: FTC, Design Changes, Nestlé, URLs and More: Saturday, 20. March 2010 at 2:00 am
[...] “Who’s Looking At Your Profile?” apps that pop up on Facebook pretty frequently. Rik Ferguson reported that this version of spam has at least 25 different copies with names like “peeppeep-pro,” [...]

Who’s checking your Facebook profile? Scammers. | Business Computing World: Wednesday, 7. April 2010 at 4:17 pm
[...] Link to the original site [...]

Facebook users warned over stalk-my-profile scam | WorldWar-E™: Thursday, 8. April 2010 at 5:54 pm
[...] Facebook app earning the scammer advertising revenue in the process,” Ferguson explains in a blog post containing screenshots illustrating the scam, which resurfaced over the [...]

Traditional AV Testing: File Under 'Irrelevant' | Business Computing World: Tuesday, 27. April 2010 at 5:21 pm
[...] most common is malware downloading other malware via the Internet. Infected web pages, PDFs, social networking sites and cloud-based services represent just some of the significant real or potential threats that [...]

Monday, 15. March 2010 at 12:02 am
[...] about this article [here]. Did you like the article? How about [...]