Widespread Facebook application installs adware

Sophos Press Release

Secret Crush leads to unwanted advertising

IT security and control firm Sophos has warned users of the popular Facebook social-networking site to exercise care over which applications they install following the discovery of a "Secret Crush" app that downloads adware onto their PC.

Facebook users are sent invitations to add the Secret Crush application by other users
Facebook users are sent invitations to add the Secret Crush application by other users.

The Secret Crush application, which at the time of writing has over 50,000 daily users on Facebook, invites people to find out who amongst their friends has a secret crush on them. Users tempted to discover more have to invite at least five other Facebook users to install the application before their mystery admirer is revealed.

Some 50,000 Facebook users are said to use the Secret Crush application each day
Some 50,000 Facebook users are said to use the Secret Crush application each day.

However, no secret crush is ever revealed. Instead users are directed to an external website which invites Facebook users to download potentially unwanted applications that will display pop-up advertising.

"Whoever wrote this Secret Crush application is cashing-in big time, by encouraging people to download the adware. As an affiliate for the people displaying the nuisance pop-up adverts, they are getting paid for each successful installation," said Graham Cluley, senior technology consultant for Sophos. "Facebook users must show greater discretion about how they use the site, and which applications they install. These third party widgets are not written by Facebook, and can mean that you are carelessly sharing your personal information with strangers or risking your computer's security."

Sophos experts believe that companies need to set policies regarding Facebook usage, and implement web security solutions, to prevent dangers entering the workplace.

"Companies need to make their own mind up as to whether they want to allow their users to access websites like Facebook and MySpace during office hours. If workers are allowed to be given access to these sites then it's vital that they do not put their personal and corporate data at risk," explained Cluley. "If your users are installing third party Facebook applications in the office they could potentially be bringing adware, spyware and malware into your organization at the same time. The best defense is for businesses to defend themselves with a web security and control appliance which can filter internet access and prevent the downloading of malicious code."

Sophos notes that although Facebook appears to have removed Secret Crush from its search results, it is still possible at the time of writing to install the offending application.

"Facebook has thousands of third party applications available on its site for members to install, and it's obviously proving impossible for them to police them all," continued Cluley. "The message from Facebook to its users appears to be 'add third party applications at your own risk'."

Last year, Sophos published research showing that 41 percent of Facebook users were prepared to divulge personal information to a complete stranger (a small plastic frog called Freddi Staur - an anagram of 'ID Fraudster').

Simply click on the arrow above to stream the podcast through your browser. Alternatively you can download it to your MP3 player.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.

More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.