eWeek Security Watch
Advertisement
Advertisement
January 3, 2008 8:47 PM

Beware the Facebook 'Secret Crush'



Spyware has landed on Facebook.

According to researchers at Fortinet, a malicious Facebook Widget actively spreading on the popular social networking site is serving as a lure to trick users into installing the notorious Zango adware/spyware program.

secret_crush.jpg

According to a detailed advisory from Fortinet (complete with screenshots), the so-called "Secret Crush" widget powers a software installation that traces back to Zango.

Needless to say that clicking on "Download Now" leads to a copy of the infamous Zango adware/spyware. This was formerly known as BetterInternet, and is currently caught by Fortinet as Adware/Zango as can be seen in Figure 6. By downloading, the malicious widget authors get rewarded with a fistful of pennies upon each download (which, after a few million clicks, probably sums up to an impressive total).

Fortinet said the widget is already being used by 3 percent of the Facebook community, which amounts to more than one million users.

Posted by Ryan Naraine on January 3, 2008 8:47 PM

| Comments (0) | del.icio.us | digg.com | Trackback | Post a Comment
TrackBack

TrackBack

http://securitywatch.eweek.com/cgi-bin/mte/mt-tb.cgi/12352

Post a Comment

 
 


RSS Syndication

Breaking News

Advertisement

Apple

Browsers

Cisco

Corporate espionage

Disaster Planning

eBay

Exploits and Attacks

Flaws

Google

Identity Theft

Intrusion Detection/Prevention

Mergers and Acquisitions

Microsoft Windows

Open Source

Oracle

Patches

Phishing and Fraud

Privacy

Product Reviews

Rootkits

Spam

Virus and Spyware

Vulnerability Research

Advertisement
Security Watch     Contact Us | Advertise | Site Map
Ziff Davis Enterprise

Ziff Davis Enterprise Home | Contact Us | Advertise | Link to Us | Reprints | Magazine Subscriptions | Newsletters
RSS Feeds | White Papers | ROI Calculators | Tech Podcasts | Tech Video |

Baseline | Careers | Channel Insider | CIO Insight | DesktopLinux | DeviceForge | DevSource | eSeminars |
eWEEK | LinuxDevices | Linux Watch | Microsoft Watch | Mid-market | Networking | PDF Zone |
Publish | eWeek Security | Strategic Partner | Web Buyer's Guide | Windows for Devices

Developer Shed | Dev Shed | ASP Free | Dev Articles | Dev Hardware | SEO Chat | Tutorialized | Scripts |
Code Walkers | Web Hosters | Dev Mechanic | Dev Archives | IT Marketplace | igrep

Use of this site is governed by our Terms of Use and Privacy Policy

Copyright ©1996-2007 Ziff Davis Enterprise, Inc. All Rights Reserved. Security Watch is a trademark of Ziff Davis Enterprise, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
Ziff Davis Enterprise