Facebook attacks are becoming commoditised, with cheap toolkits providing potential cybercriminals with access to users’ Facebook accounts, according to an investigation by Websense.
This week Websense Security Labs discovered a $25 “Create Your Own” rogue Facebook application. We’ve seen it done with other major exploits, now we’ve seen it with Facebook – cheap, template exploit kits perfect for cybercriminals on the prowl.
For just the cost of a few mp3s, you can get a template that 1) spreads malware or 2) directs users to click-fraud accounts or 3) direct users to bogus surveys to get their personal information. $25 for a virally spreading mechanism that can infect thousands of users at a time. A new era of commoditization of malicious activity for Facebook is now here.
You probably saw it this weekend. Did your friends’ Facebook profiles suddenly sprout an application and message about finding out who is looking at your profile?
These “Profile Creeps” and “Creeper Tracker” applications are increasingly becoming a daily occurrence, and are likely to have been created by these templates.
This phenomenon of template Facebook applications shows how the spamming culture is consolidating more and more around Facebook and adapting to the platform, increasing what we call Web spam. Websense Security Labs blog features more details on this exploit kit here.
Please let me know if you are interested in speaking with a Websense researcher about why the discovery of this kit is significant, what this can potentially mean for users of Facebook and how the commoditisation of internet threats is changing the ease in which criminals can deploy and take advantage of internet users.
Commenting on the discovery, Patrik Runald, Senior Manager, Security Research, Websense; “The bad guys will continue to look to take advantage of every available resource on the Web, including Facebook, in an effort to make money or steal information.
“With the introduction of exploit kits and the templates for rogue Facebook applications, like the one we just discovered, the threshold for entry for criminal activity is significantly lowered. These kits are increasingly becoming commoditised and, with it, the potential pool of attackers and victims increases,” Runald concluded.
For more details, visit the Websense blog here.
