Facebook application scare leads to Malware

by Steve Ragan - Sep 9 2009, 17:42

Searches related to the Facebook application FanCheck are leading some people to more than just information. This past weekend, rumor started to spread about FanCheck, with claims of it being a malicious application. Criminals taking advantage of the rush of FanCheck related searches, poisoned the search results, leading some users to Malware instead of information.

First off, FanCheck is an application on Facebook that you can use to see who your "biggest fans are". This is done by tracking the number of times someone comments on your Wall, comments left on your posts and images and more. FanCheck used to be known as Stalker Check, but the name change came after Facebook took some issue with the term stalker.

It is because of the "Stalker" in the original name that people assumed you can track who is viewing your profile, which is a false assumption. Facebook has never allowed an application to log any user data when they visit your profile. According to Facebook spokespeople, they have no plans to remove this passive browsing security feature.

"FanCheck contains NO malware," said Janakan Arulkumarasan, FanCheck’s developer, in an interview with IDG News Service.

“Unfortunately, some malicious developers have been spreading a lie that it is -- and encouraging people to download fake virus scanning software, which damages their computer. This is very unfortunate, but it has nothing to do with us.”

However, over the holiday weekend news started to spread that FanCheck was malicious. This sparked fear among some in the Facebook community, and led to a rush of "confirmation" reports in various blogs where people stated that FanCheck is a Virus. While the application can be annoying to some, and there have been plenty of complaints about it, Facebook has confirmed that the application is in fact clean.

Earlier this morning, Sophos released a warning about malicious FanCheck related searches online.

The Malware being spread related to FanCheck is actually the result of SEO Poisoning, or Black Hat SEO. This is where criminals target trending search results and create malicious pages that take advantage of searches online to spread malicious code and software.

When users started to search for FanCheck related Malware information on Google, Bing, and Yahoo, they were targeted by the criminals running the SEO scam, and as a result they were infected with various Malware. Most of the infections are Rogue anti-Virus applications. These are fake AV programs that will report infections on a clean system, and once it has discovered all of them, will gladly remove them all for a fee.

If you were infected, because of a search related to FanCheck, there are mitigations you can take to remove the infections if your anti-Virus software missed or failed to stop them. Malwarebytes AntiMalware is one program you can install that is very useful for cleaning off Rogue AV applications.(http://www.malwarebytes.org/mbam.php)

Fear alone started the malicious FanCheck news stories, and the criminals exploited this fear to attract new victims. While you can say that it was easily avoidable, it wasn't. People will search for information. The criminals know this and used it to their advantage. The best advice for protection against these types of threats is a little caution.

When searching for something, notice where you are heading. In most cases avoid domains that are RU or CN based. Stick to the main news channels for information, or known blogs and blog-related portals.

While there are millions of blogs online to read, another layer of protection is to ensure that you are using a fully patched browser, and that you constantly update installed software (Adobe Reader, Flash Player, etc.) and the operating system. Just yesterday, Microsoft released various patches for Windows, so if you haven’t installed them, now would be a good time to do so.

Anti-Virus protection is a must on Windows based systems. If you used OS X, then you should be using anti-Virus as well. Criminals do not target an operating system. The criminals target users. Anyone can be fooled or tricked into visiting a malicious page, and the criminals care little if you are a PC or a Mac.

Recently, criminals have developed malicious pages that will serve Malware based on the operating system, and exploits based on the browser. Even Apple, albeit reluctantly, has said anti-Virus protection on OS X is recommended.

When it comes to Facebook, use caution when you allow an application access to your profile. If you grant permission to an application, you are essentially allowing it to control your account on some levels. Late last year, as well as earlier this year, malicious Facebook applications were the reason that the Koobface family of Malware spread so fast.

Graham Cluley from Sophos hit the point exactly when he compared the FanCheck rumors and FUD to the "Error Check System" application, which raised concerns on Facebook in February.

“…online rumors about Fan Check's secret agenda is causing thousands of people to turn to the internet for further information - leading them straight into a trap set up by cybercriminals.”

Around the Web