The first spyware spreading with Facebook application has been discovered. Security company Fortinet reports that application called Secret Crush is installing Zango (aka AdWare.Win32.180Solution) with Iframe.
This is the procedure: "In opening the request, the recipient is informed that one of his/her friends has invited him/her to find out more information by using "Secret Crush"." The text included to the request entry is "One of Your Friends Might Have a Crush on You!" providing normal 'Find Out Who!' and 'Ignore' buttons. Advisory from Fortinet: "Facebook Widget Installing Spyware" http://www.fortiguardcenter.com/advisory/FGA-2007-16.html SecuriTeam Blogs: "My name is Zango, I am spyware and I found Facebook applications" http://blogs.securiteam.com/?p=1056 At time of writing it's not know if AV vendors offering Zango protection have protection for this Static.ZangoCash.com download process too. An interesting reference: "When is a Facebook Really a MySpace?" http://www.allfacebook.com/2008/01/when-is-a-facebook-really-a-myspace/ listing a very remarkable installation base :-( Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
