Facebook is being urged to be more careful about the
applications it allows its members to use, as it toils to remove a raft of apps
that were found to be part of a moneymaking scam.

Facebook says the apps, which promise to reveal the truth
about which of your friends are viewing your Facebook profile, do not work and
should be avoided. The rogue app even offers bogus assurances on its reliability,
when all it actually does is push the user to another app, each click earning
revenue for the scammer.

In a statement, Facebook said: "Don't believe any applications that claim they
can show you who's viewing your profile or photo. They can't." Facebook
added that it is "aggressively disabling" the apps.

Writing in Trend Micro's Countermeasures blog, security
expert Rik Ferguson noted another wrinkle: at least one version of the rogue
app will create a photo montage of all the infected user’s friends, tag it so
that they all receive notifications and then post the photo.

“These changes in scam tactics are clearly designed to
overcome the changes that Facebook made recently to application functionality,
including removing the ability for applications to send notifications directly,”

“I can see that Facebook are actively combating these
applications as they are posted, even on a Sunday evening, which is commendable
but… I said it first back in February 2009, isn’t it time Facebook at least had
a review of their application publishing policy? The idea was dismissed back
then, but now that these things are becoming a regular occurrence there must be
a tremendous burden being placed on the incident response handlers at Facebook
that could be better channelled into an application vetting process.

“For now though, just don’t click the links, they will
disappear from your streams as Facebook remove the offending apps. There is no
officially sanctioned Facebook functionality that will allow you to view who
has been checking your profile.”