Facebook Security issues

Beware of a group invitation received on Facebook. The invitation read: “Facebook MessengerTM NEW Facebook Messenger Available Now For News Facebook.”

People reporting something was wrong with the site. It was clearly not a Facebook-endorsed application or download site and was also obviously not created as part of the Facebook Developer Network. How to know this? Well, the URL to the download site and lots of weird characters, namely. There were a bevy of different languages strewn throughout the page. And there was this message:

“Note: You have to Invite your all Friends and tell Them to Download it so you can chat with your friends on FB Messenger and Its Truste Download so Dont Worry about the program.”

Also the download site to see what was there (Not recommended — never click on suspicious links. Do as I say, not as I do) and was met with a really ugly download site for a really ugly tool bar

You won't find anything especially malicious — and the toolbar itself did appear to be safe and legitimate — but he did find some questionable links. A bevy of “free SMS” sites included — so perhaps this is a model for adware if not malware? Or potential click fraud?

“In this day of the ad-supported Internet, page views can be more valuable and cost-effective than malware that will only infect 1 percent of potential victims,” Cortesi said. “It’s really odd. Some sites are completely legit while others are just derivatives of the shady-ness.”

Does it really matter if nothing bad was found? It just as easily could have been malicious. This is group developed on Facebook, claiming to be an official Facebook tool, linking off of the site to a questionable downloadable application. You say, “Well, will Facebook delete it?” They did, but only after I alerted them to the issue on Monday night. And not before the group had more than 1 million users. And it didn’t appear, that installing the application forced people to join the group. It appeared that people willingly joined this suspect group.


Facebook commented :
“Our user operations team investigated this group and removed it as well as another similar one. Facebook’s policy is to remove intentionally deceptive groups when they’re reported to us,” they said.

Record scratch. “Reported to us.” This is dangerous. More than 1 million of Facebook’s users could’ve been in danger of downloading malware or landing on some sort of phishing scam. The onus is somewhat on Facebook to take more proactive measures when it comes to monitoring these groups and posted links (or maybe incorporating some “you are leaving Facebook warning system” as they do with email messages). Unfortunately at this point in time there is little else Facebook can do.

“Not unless they have a bank of virtual hosts in place that scrape all of their links, automatically browse them and check for malware infections,” Cortesi said. “While measures to prevent malware are in place on Google and within popular browsers such as Internet Explorer and Firefox, validating every link in the world’s largest social network is a challenge that does not currently justify the investment. Such is the challenge of any organization balancing the inherent risk of doing business on the Internet with the overwhelming rewards.”

While Facebook figures this no-win situation out, users need to start paying more attention to the types of groups they join and the third-party downloads they install on their machines.

Finally we had to take care ourself, never follow untrustworthy links!! keep it clean and save..happy facebook..