Facebook Virus - insanelyfunny
This is about: http://apps.facebook.com/insanelyfunny/
Because Facebook has an API and Apps that let small programs interact directly with data and information without the profile owner's participation, bad actors have appeared who use all of this for purposes quite different from the original intent. Facebook applications are, in principle, neither good nor bad. Before such an application can access any information from your profile (profile description, friends list, etc.) or perform automated actions (rate pages or images, send messages, etc.), explicit consent, that is, permission, is required. As it turns out, though, this permission is not safe: it can be hidden under a label reading "next joke".

Fortunately, you can also cut off an application's oxygen by deleting it from the allowed applications (on the left, under Applications), and also by restricting it. The other piece of good news is that the wall is worth watching: if actions start appearing there that you definitely did not perform yourself, it's time to raise the alarm.

If an application looks outright suspicious, there is a "report" link at the very bottom of the page when you open the application, where you can report the bad actor. There's no knowing whether anyone will respond, but know that the option exists. The bad news is that in the insanelyfunny case the page automatically redirected to another page shortly after it was opened, which closed off the ability to report it.
Reported as privacy abuse.
The moral: the "Allow" button means allowing access to your data. Think twice before pressing it. Twice! :)
A guide for "virus writers":
- Hide the "Allow" link as much as possible. For example, label this link "next joke"; after that there will still be a FB pop-up with an unambiguous permission request, but the user may not notice and allow it anyway.
- The application should redirect to another page after a short while, to prevent the user from being able to report the application as spam.
- Since the application is not hosted on FB's server but on any other server, AJAX and other technologies are at your disposal.