Today I received some interesting wall posts that claimed to be from my Aunt. The first looked like the following:
hey do me a favor and try the new crush calculator, don’t worry its not some annoying facebook application that makes you invite all your friends, the crush calc works with your mobile phone and it uses a special scientific way to find the person near you that has a crush on you, guess what? it actually worked, for me and 4 friends, yes this is for real you gotta see this, try it right now and see for yourself, its too crazy. http://www.fkgcp.com
The second looked like this:
i finally found the best source out there for all the latest ringtines for my phone at http://www.vyzxw.com they dont sound bad like the ones from my actual phone company, these are 100 times better and they have thousands and thousands of ringers to choose from and when you use them the first time you get 20 free ringtones. stop paying so much for your ringtones,don’t be a sucker, get them from my place, http://www.vyzxw.com
I checked with my Aunt, and she thinks someone may have stolen her password and hijacked her account to send out those messages to all her friends. My brother got a few of these posted to his wall as well from her Account. I also noticed that her status was changed to, “totally hooked on the crush calculator”.
Then, I did some research on Google for “crush calculator” and came up with this article on CNet. It appears that there used to be an Application on Facebook called “Secret Crush” that would install Spyware on peoples’ computers. Facebook quickly removed the application, but it appears they may be retaliating.
Doing a search for “crush calculator” on Facebook reveals a few groups users on Facebook have set up to apologize to their friends for someone hacking into their account and sending messages to all their friends about the “Crush Calculator”.
So, this could be a few things:
- Could the Zango application have been installed on these users and they are now using that retrieved Facebook data to hack into users’ accounts, scrape the Wall, and post to all of their friends’ walls?
- People related to “Secret Crush” are retaliating, finding easy passwords, and hacking accounts to send messages to all the friends of a user and get those users to go to the sites listed above.
- Third-party hackers are getting paid to hack into these accounts and send out messages.
- This could truly be one of the first “Social Worms”, instead of circling the internet, following your list of friends and their friends, spreading as it harvests information from those profiles for more damage in other areas.
It’s also very interesting that since I was now known to this “hacker”, or “worm”, whichever it may be, I am now for some reason getting lots of spam Skype messages. The only place I really list this in the open is on my Facebook profile, which is only visible to my Facebook friends. Could they have harvested my information as well? A social worm is truly dangerous!
There is nothing stopping one of these applications from collecting a bunch of user data and sending messages out to each of the friends of the users that added the application. Facebook does track this and puts a quick end to them, but just like any other application you install on your computer, you have to be careful of the Applications you install on your Facebook account! Verify that you know the sending user well, and ask them their experiences first.
Most of all, check your passwords! Be sure you always have a strong password for your Facebook login, and this probably won’t happen to you. Have any of you experienced similar issues?