Sunday, January 30, 2011

Facebook Closing down Fake Social App Spreading

 "Warning Facebook will be closing down soon, click here to verify your account" if your account is spreading that message your account has been infected with a fake social application. Like other fake social applications I have blogged about this posts messages that attempt to scare the user to click on a link. The link will then lead to a fake social application that asks the user to take a survey to earn the fake app creator cash for their fake application.

  Unlike the past few apps I have shared about that involve seeing who is on your friend list, or who is your top friend this Facebook is closing down apps tells users that their favorite social networking site will be closing down if they do not verify the account. The app is spreading via the app name: Social Network Close Down - February 15th. Fake social app writers have been making up dates for the day Facebook will be closing down for a while now and all of them have been proven false. So check the facts before you start clicking apps and spreading these fake apps. If you get infected by one of these make sure you remove the fake app from your app list.

Tuesday, January 25, 2011

How social scams and spam spread

 In my past posts I have discussed on what type of social spam and scams are going around but in this post I want to discuss how they are spread. They spread around a few different ways which I will cover in this post.

 The first way they spread is through status updates. This is by my research the most common way I have seen them spread. The bad social app updates the status with the common scam update and spreads it out to all the users friends. This is mainly how I see PageSpy or MyFirstStatus like apps spreading.

 The next way these apps spread is by posting on friends walls. The bad app will not make any changes to the users status to make it less noticeable but will spread the spam around to friends walls. The "Oh my see what this person posted to get expelled from school" or "Wow this news story amazed me" like spam apps normally go through this route in my research. This makes the bad app less noticeable by the account owner.

 The first of the two less common ways is through social inbox. Sending the bad app link directly to a user is not commonly from what I can tell currently (I am going by reports) but a few cases have been reported with the bad app sending direct messages.

 The final of the less common two is one of the newer ways that are being used. Some bad social apps, scams, and spam are sending users social instant messages to the users with just the temptation to click a link. The use of sending malware through an instant message is not new by newer variants of IM worms are now using the IM system of social networking sites. These attacks are not very common at the moment but are growing.

 So always watch what you click on social media sites.


Friday, January 21, 2011

Fake Facebook Apps get more personal

 Those fake spamming apps you see on your social network feed are getting more personal. Today I have noticed two different variants of the who viewed your profile and how many views you have scam spreading actively around social networking sites which add a touch of being personal to the user.

 The first variant of see who viewed your claims it can tell who views your profile the most. The app randomly would chose ten of your friends and tell you if you clicked on the short url link you could see the full list of who is viewing your profile enough. Be aware that it is impossible for an app to figure out who viewed your profile the most.

 The next variant type we saw was an extension of the my total views. Instead of just listing the total views it told you how many guys viewed your page and how many girls viewed your page. This would most likely make many more people believe that the app is showing the true amount when it was just a lot of random numbers.

All of these short urls have been reported to get shut down.

Thursday, January 20, 2011

Social Networking: A top target of Malware Infections and Scam Spam

 Social Networking has risen to become one of the most popular online destinations. As it has risen to popularity the amount of malware and spam spreading through it has risen with it. It is now simple to find a scam social app by just typing a few keywords into the social search bar. Today a large amount of malware links went through twitter (more on that later), and scams are also spreading heavily on all these social networking sites (Free Iphone is what I most commonly see but a few scams are advertising other products).

 First on the twitter malware attack that happened today. The attack was just a bunch of one short-url link posts, people being curious lead to to clicks on these malware links. The end result was an a few redirects that eventually lead you to one of those sites wanted to install a FakeAV on your machine. While doing analysis on the URL this morning only 5 vendors were detecting the initial redirect which you can see here: VT however I did not get to look into the payload before the links were taken down. You can see some more details on this attack over at my friends blog here (It is also a blog I highly recommend reading):

 Another type of social networking scam/malware thing I have see come up is those scamming apps that say they can tell you who has seen your profile or how many page views you have (I have written about these before). None of these apps can actually do as they say. The how many page views you have just posts a random number. Why do people make these you may ask, the surveys that you are asked to take. Most of the time when you sign up for the services asked in the survey in the app you end up paying for some service and the app creator gets some cut of the money. I have personally seen a big increase of apps like this in the past few weeks. So always watch what apps you let access your profile.

  The final type of scam I am going to warn you about is the sites that offer you things for free. If it is too good to be true it most likely is. I have a twitter search opened at the moment looking under the keywords "Free Iphone" to watch for these scam sites. So far as I have been writing this blog 344+ new tweets have been tweeted mentioning the words "Free Iphone". The number keeps growing every moment Not every one of these are actually scam ones however a majority are. However on the bright side as I extract most of these urls they are now being directed to that url shorting services warning site to warn that the url was being used for spam.

 So stay safe while you are using those social networking sites. If you come onto a site saying they will give you one of the most popular tech items free it is most likely a scam. If you see a facebook app that will tell you how many page views you have had or who is looking at your profile don't believe them. If you run into a short url and are tempted to click it run it through this URL extraction service which I highly recommend:

Saturday, January 8, 2011

My first Facebook post was spam wave hitting Facebook

 IGL-Security has noticed a large spam app wave of my first status posts going around facebook. Unlike the ProfileSpy like apps which promises to let you see who is looking at your profile this app says it can post what your first status was. None of these app's post truly what your first status was but either posts one of the two randomly selected message of "Wow this is better then MySpace" or "This is hard to use". Also each of the post says your first post was in 2007, even if you were not even on Facebook at that time.

 The App Names IGL-Security has noticed:

 Most of the apps are pointing through a URL shortened link. IGL noticed 5 different URL's that were being used a lot and have reported them in to get shut down. IGL has also reported the bad apps to Facebook to be shut down.
 The two most common bad social app themes at the moment are "My First Status" like apps and "ProfileSpy" like apps. Do not instantly trust these apps that say they will let you see who views your profile or let you see what your first status was.

Friday, January 7, 2011

ProfileSpy like apps spreading via Facebook

 While researching on Facebook we noticed another large wave of ProfileSpy apps spreading through Facebook. A few of the links to the bad app were posted on popular facebook fan pages, however most of them were just regular users pointing to the app. Like always these apps had the common "Oh my I can't believe this works, now I can see who viewed my profile" message. So always remember to watch what you click on the site.

 To remove the bad app from your account go to where it lists all the app's you have allowed on Facebook. Then delete the one(s) that looks out of place. This wave I have been looking at has a pretty obvious name so it should be simple to pick out what one(s) to remove. For the ones we spotted here is a short list of the app names:
  Pro Checker and
  Pro Me

  We have reported these ones to Facebook to have them removed.