Facebook “Un Named App” scare leads to malware

Excellent write up by Trendmicro on the ‘un named app’ discussion that is spreading on Facebook. If you search Google for this, you may be tricked into downloading Malware to your machine and get compromised.

Here is the article.

[…] Nothing to worry about here as far as your Facebook is concerned, this does not appear to be a genuine malicious app. In fact a thread on Yahoo answers appears to demonstrate in a reproducible fashion that “Un named App” is nothing more than your “Boxes” tab on your Facebook profile page.

Beware though, there is still real risk attached to this Chinese whisper. Criminals have picked up on the concern among Facebook users (or possibly they were responsible for starting the rumour?) and they have already started to poison Google search results.

Google search result:

Google search result

I queried Google for “facebook unnamed app” and the third result on the first page pointed to a malicious website set up for the purposes of distributing fake anti-virus software, this time called “Security Tool”. If you are unwary enough to click the link you will be presented with a dialogue box informing you that you have a huge number of infected files on your machine and prompting you to use Security Tool to clean them up. The software of course is no real security solution and is designed to fool the victim into parting with hard-earned cash.

Be careful what you surf for.


Twitter Spam – protect yourself

Richard Stiennon over at ThreatChaos talks about a new application that is able to generate multitudes of Twitter IDs that then can be used to spam your Twitter feed with links that the spammers want the followers to click. He calls this ‘Twitter spam’, or ‘Twamm’.

You are able to protect your feed by locking down who can follow you. Rick Wanner at the SANS ISC Handlers’ Diary writes:

If you haven’t already it is probably time to consider screening who can follow you. To do that set your twitter account to “protect your updates”.  This is done through the settings link, on the account tab.

I do not have a Twitter feed, but I would definitely recommend restricting the sources that are able to follow you. Unless of course you have the feeling that the whole world needs to know what you are doing at any point in time. 🙂