The popular social networking site Facebook, which is a constant target for scammers and hoaxers, has recently been facing a surge of attacks aimed at the instant chat feature integrated into the website.
Facebook users have been complaining about malicious links that are circulating automatically throughout the Chat facility that direct unwitting users to application installation pages. Such Facebook applications are typically survey scams where victims are told to complete surveys, which when completed make money for the scammers.
The surge of attacks using the Chat facility has led many people to place the blame on “self-generating viruses” (see here for our article on that warning), worms and Koobface threats, when in reality the blame lies with rogue self-propagating Facebook applications.
The links that are circulating through Chat are bundled with some curious message that is designed to bait victims into clicking the link. Once clicked, users are taken to a page like the one below.
As you can see from the permissions page on this application installation page, the Facebook application wants access to your Facebook Chat facility. It needs this so it can pass the same message that fooled you onto your Facebook contacts.
Additionally, once the application installs, users are typically urged to complete a survey to see or receive whatever the original Chat message promised.
The messages circulating throughout Chat vary, but some popular ones include:
"OMG: This girl killed herself after her FATHER posted this message on her wall"
(again!)
"It will make you reevaluate what you put on your wall after seeing this"
"hey lol check out this girl,she i cant believe this video"
"omg hahah have u seen this photo u got tagged in LOL"
Other similar derivatives are also used, all of them designed to pique the curiosity of the potential victim.
It is worth noting that the links bundled with these messages nearly always use the Bit.Ly URL shortener, which hides the true URL address.
Facebook does its best to delete such applications and usually does so within hours of them popping up, meaning many of these messages end up pointing to dead links where the application used to be. However, the open nature of Facebook's application development platform means that new rogue applications are literally popping up every day.
Always be wary of links sent to you through wall postings, comments or Facebook Chat, especially if the link and message seem suspicious or out of character for the sender, or if the link is disguised with a URL shortener such as Bit.Ly. Never install Facebook applications that appear after clicking on such links, and if you have, you should visit this page that contains instructions on how to remove rogue Facebook applications.