According to this report from security firm Fortinet, anyone who has installed the third-party Facebook application “Secret Crush” is at risk of installing spyware.

The app lures users by saying “one of your friends may have a crush on you” and, once installed, attempts to download the well-known spyware Zango.

Over 1 million Facebook users may have been infected due to the way this application encourages invites to 5 or more friends: “Before you can find out who might have a crush on you, you need to invite at least 5 friends!” Fortinet states:

This practically makes the widget a Social Worm. Unlike many social worms, the “Secret Crush” propagation strategy does not rely on phishing or any sort of user-space customization feature abuse (see our primer on social worms). Rather, it relies on pure social engineering which is based on simple manipulation strategies such as “escalation of commitment”. Since users have freely chosen to install the widget at the cost of disclosing their personal information, psychologically speaking it is difficult for them to stop the process at that point.

[Image: The core of the widget’s social propagation strategy]

The attraction of access to large user bases and the explosion of open platforms are going to challenge security experts in a whole new perspective.

