Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

"Free $200 Ebay Gift Card" leads to rogue Facebook app

Posted on 14 February 2012.

A message sharing an "event" offering a "Free $200 Ebay Gift Card for first 10,000 Attendants!" has been popping up on Facebook users' walls in the last couple of days.

Predictably, it links to the Facebook page set up for the "event", and on it is a list of things users are required to claim the gift card:

Join the page
Invite 50 friends to the event
Share the event on their wall, and
Visit a linked page.

The page offers a bogus app ("WhosStalking?") that promises to tell them who viewed their profile, but the list of permissions it asks tells another story:

Users who have fallen for the scheme and install the app have now given it permission to post messages and other things on their profiles.

According to Bitdefender, the app immediately takes advantage of this - it posts a message "revealing" how many people viewed the users' profile and, of course, invites the users' friends to get the app for themselves.

Needless to say, the number it provides is bogus, and the only thing that the victims succeeded in doing successfully is to propagate the scam far and wide.