Facebook Script Kiddie joy

What is it with the “Malware made easy” schtick that is roaming all media at the moment?

Here’s an article from The Register^[1] on a Facebook tool that makes point and click Scams, malware or whatever you want simple. Most common though are survey pushes that generate revenue (via the clicks made by the victims).

The original blog entry^[2] is from WebSense. Well written simple description of how these things look and work.

It was only a matter of time before someone started selling hacking tools. But it is disappointing. The only real way around this kind of attack is to close-book the original app: no Starfleet Commander, no Quizzes, no Mafia or any other themed game.
But we all like and love all these. The latest utter scam, Facebook doesn’t allow it, are the “who read my profile” apps. Just leave them well alone! I myself have found myself within a click of something similar. It’s jet so hard to tell genuine from malware.

You can’t even trust recommendations from friends as if their profile is hacked then the app itself could post promotions, apparently from Bob.

For all of the above reasons, even taking into account the huge benefits, I cannot recommend any system that includes “extension” that do not have a clear vetting procedure. Everyone, there is a reason why Apples iStore is so beloved of it’s users – other vendors take note!

Be cautious out there.

References
[1]The Register (Facebook Exploit Toolkit) 08/02/2011
[2]WebSense 08/02/2011

– Posted using BlogPress from my iPhone