Dan Nicolescu from the Microsoft Malware Protection Center writes on the MMPC Threat Research & Response blog:
This morning my Facebook email address was invaded with spam (scam-spam as I call it) from people in my friends list with subject titles similar to the following:
- “<Some Friend1> invited you to the event You Gotta See This Exciting Feature!!<random number>"
- “<Some Friend 2> tagged you on Facebook”
The messages appeared suspicious to me, enough to trigger my “internal alert system”, and it made me wonder why so many of my friends fell for these silly antics?
The scam is to make you “install”, or authorize, an application that would gain instant access to all of your Facebook data and to your list of social friends. The application then tries to spread itself by posting fake messages on the walls of other contacts walls with message titles similar to the ones mentioned above.
The “<Some Friend1> tagged you on Facebook” message displays a list of people that allegedly looked up your Facebook profile. I say allegedly, because I know for sure I didn’t check out my friend’s profile 500+ times. In fact I don’t even believe I did it more than once and I don’t imagine Facebook would track this sort of information anyway.
Even if they did, I don’t imagine that information would be shared with these silly applications. Curiously, even among different posts that referred to different people, the profile view number was similar. The profile view count was the same, even among a different set of friends or groups. The profile view count was similar to the counts shown below:
<Person 1> – 1136 views
<Person 2> – 983 views
<Person 3> – 542 views
<Person 4> – 300 views
The counts appear to be arbitrary and not quantified. I hypothesize that the counts could be used to identify the apps using a “signature” or “fingerprint”.
So, long story short, by being trusting and installing these (dubious) applications on social media sites not only decreases greatly your privacy, but puts privacy at risk for those on your friends list as well, since these applications require explicit access to your personal data. Many messages are written poorly, and are grammatically incorrect English; some use the “leet” style. Below are some of the current scams that I am aware:
1. See who views your profile: Find Your Peekers app
Image 1 – “Find Y0urz”
2. “My T0p Pr0file Viewers” app:
Image 2 – “My T0p Pr0file Viewers”
3. “See what you’ll look in the future!” – This one is missing a single word, “like”; clicking the link directs you to the website to install the app:
Image 3 – “See what you’ll look in the future!”
4. <Some Friend> answered a question about you “Personality test” app
Image 4 – “Personality Test”
5. Another worth mentioning is the “You have a secret admirer“ app.
I have also completely blocked all messages (I consider them spam) arriving from apps Farm-anything and Mafia-anything. Several of these apps may automatically post messages on your friend’s walls and also send nagging messages.
Here are some tips on security settings in Facebook to help keep your inbox from being overrun and to help reduce the amount of random traffic on your walls. It is with great likelihood that no one answers secret questions about you, you probably don’t have a secret admirer, and nobody is secretly looking for you. If you were thinking differently to those possibilities, you will have better luck on a match-making site.
Other tips to help in keeping your online experience a sane one:
- Ignore suspicious messages, especially those that ask you to install an application or follow a link, and suggest your friends to do the same
- Remove suspicious applications you have installed on your Facebook account. Removing apps from your Facebook account is not quite a straightforward operation. See the next point on managing privacy settings.
- Manage your privacy settings:
Go to privacy settings
Image 5 – Privacy Settings in Facebook
Most of the information if not all should be available to friends only. An extreme countermeasure to reduce or eliminate spam on your wall is choose not to allow posts on your wall on privacy page, or de-friend “spammers” 🙂
Image 6 – Allow/disallow Friends to post on your wall
The privacy settings page looks like this
Image 7 – Privacy Settings page in Facebook
I circled three very important area:
- Apps and Websites
You would be surprised to see how many applications there are, and also ask yourself why does FarmTown require access to your photos and videos. That’s a silly proposition. Here you can remove applications from your account or restrict their access to your data. Below is an illustration of the information that is “required” of one app in particular and I chose to remove the app based on it’s requirements to information from my account:
Image 8 – Application with unnecessary requirements to personal information
Below is an illustration of an application that does not invade my privacy, with a requirement for only basic information:
Image 9 – Application with only basic information requirements
Info accessible through your friends
This refers to the information that your friend’s application has access to. Since you don’t have control over your friend’s applications directly, at least you can restrict the information their applications have access to from you. I unchecked everything, as shown below:
Image 10 – Info accessible through your friends
- Use the “Block Lists” – establish blocks on contacts that are known to promote spam or disregard your requests to stop spamming you.
- “Controlling How You Share” – this link describes more tips on privacy settings.
- Mark messages as spam, by clicking the X button found within the posted message, illustrated below:
Further classify the message as spam:
-- Dan Nicolescu, MMPC