Skip to main content

Facebook Secret Crush App could cost you dear

Emails prompting users to find out who sent that "secret crush" email have for long been cursed by internet users, many of whom got the equivalent of a virtual STD in the process.

Using the same social engineering catch, malicious coders are now taking on the Facebook Platform application by storm.

Fortinet Global Security Research Team discovered a malicious Facebook Widget that is actively spreading on the social networking website and installs Zango Spyware/Adware.

Unsurprisingly, the widget is called "secret crush" and Fortinet has a detailed step by step guide as to how this social worms spread.

The final step of the operation is when the widget prompts you to install a file, which is where the widget publisher gets its pennies.

Traffic to the Zango website is quickly growing as shown by Alexa (opens in new tab), partly explained by the success of Secret Crush.

The site is currently ranked 549 in Alexa's top listing, a massive 500 places won since the beginning of December.

Fortinet says that more than 3 percent of the Facebook community, roughly 1 million users, have already installed the widget and it is propagating like wildfire.

The security company also expects 2008 to be even more dangerous as criminals look for novel ways to circumvent security measures put in place by Social Networking Sites.

Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.