Friday, December 24, 2010

ProfileSpy spreading Facebook

 I had no idea you could see all the people viewing our page! You guys are sick!! If you saw this when you logged onto Facebook today you may be wondering whats going on. What you are seeing are posts from the scam facebook applications known as ProfileSpy or PageSpy. 
 According to some research PageSpy/ProfileSpy has been spreading for a while through Fac ebook. Most of the past variants make a push at gettingyour mobile phone number. Once they have your mobile phone number they will sign you up for premium mobile phone services to raise your bill.
 To clean up your profile go into your Facebook Application settings and remove the application from your profile. Each variant of this Facebook app is different but the most recent one we have been tracking have the name itstime. So just look for something out of place and delete it.
 The app we found has been reported to Facebook and the shorted URL reported to Remember to always look into the urls before you click them.

Wednesday, December 22, 2010

Never Text again app spreading through Facebook

 Last night I was reading through my Facebook feed and noticed an odd application post on my feed. The odd app made a post that said "I am no longer texting after reading this - (link)". Clearly it was a malicious facebook application so I decided I would research it more in the morning. This morning I went to check it out and the post and app was removed by Facebook. Although I was glad the app was removed I decided to find out how many other app's like this were spreading this same message.

 It took me a grand total of 10 seconds to find another app spreading the same message. The new app I found was spreading with the message "You'll never send a text msg again after reading this!--> (link to app)". The app had a flow of users clicking the app and allowing the app to post the message to all the friends they had on Facebook. I searched the homepage of the app for any malicious payload but I found no malware Malware may be hiding somewhere else but a quick glance of the site nothing bad was seen. However its not the same for every app so you may get infected from another one of the apps like this So what lays beyond the link you may ask? Most likely survey spam and scams, and like all these app's the link will be spread to all your friends via your newsfeed. A few of these apps have malware hidden behind them but not all of them.

 This is only one example of the many apps like this spreading through Facebook. This is only one variant of the many "never texting again apps". In fact not to long ago Sophos security researchers ran into another variant the never texting again app and wrote about it on the Sophos Security Blog: You can check out that article here

 I would like to end on some security tips on how to remain safe from these types of social infections:

1. Make sure your friends posts sounds like them, if you have a friend saying they are never going to text again after reading some news and you know they love to text you should know they are not going to quit that quickly. They quick change in behavior and odd link are clear malware fakebook app behavior.

2. Look at the bottom of the message, if the message says something like "posted an hour ago" or "posted from mobile web" you can tell the post was made by a human. Most of these odd post apps have very weird names, I have seen one that the app name was ":)".

3. If one of your friends gets infected with one of these odd apps kindly inform them that they are spreading it on facebook. Also it may be a good idea to comment on the link to warn others from clicking on it. Finally see if they can remove the app from the apps they have permitted on facebook so it will stop posting.

Thursday, December 16, 2010

Introducing Edge

Edge is a personal malware classification tool designed for malware hunters looking to neatly classify malware samples. Edge is very simple to use, and contains a easy to follow instruction guide. Edge is a great tool to add to any malware hunters toolkit.

New in v1.0.0.6

 1. First Stable release
 2. Built in Malware Classification logging system
 3. Improved Malware Database

 Download link:

 This is the first public release of Edge so it is not bug free. If you run into any problems feel free to post them as comments on this post.