The Killer Facebook Application Arrives and it Ain't Pretty

According to IDG News Service, “A team of researchers have built a malicious Facebook” application. We’ve heard this before and now we’ll hear it again. Facebook applications can be used to “dupe large numbers of users into downloading a seemingly harmless application that actually performs a clandestine attack that can cripple a Web site.”

Wait, can’t any website do the exact same thing? Yes it can! These researchers came up with a new way of attacking their victims though. As the article revealed:

The researchers developed an application called “Photo of the Day,” which serves up a new National Geographic photo daily. But in the background, every time the application is clicked, it sends a 600 K-byte HTTP request for images to a victim’s Web site.

Those requests, as well as those images, are not seen by someone using Photo of the Day, which the researchers have termed a “Facebot” application. The effect is a flood of traffic to the victim’s Web site, known as a denial-of-service attack.

The application remains listed on Facebook and still hasn’t been shut down. While I’m guessing this application will be shut down within the next few hours, it’s interesting to see that a known application which is testing vulnerabilities is allowed to run on the platform. Then again, monitoring all of the packets transferred between the application and the user, and still determining that a given packet is harmful, is completely unlikely.
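From the targeted site's side, traffic like this shows up in its own access logs as image requests from many different visitors that all name the same third-party referring page. The following is an added example, not code from the article or the researchers; it assumes Combined Log Format logs and that browsers send a Referer header, and every host, address and threshold in it is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Combined Log Format: ip - - [time] "METHOD path proto" status bytes "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<ref>[^"]*)"'
)
IMAGE = re.compile(r'\.(?:jpe?g|png|gif)(?:\?|$)', re.I)

def flag_offsite_image_floods(lines, own_host, min_clients=3, min_bytes=1_000_000):
    """Return [(referer_host, distinct_clients, requests, bytes)] for third-party
    pages that drive image traffic to us from many different visitors."""
    stats = defaultdict(lambda: {"ips": set(), "reqs": 0, "bytes": 0})
    for line in lines:
        m = LINE.match(line)
        if not m or not IMAGE.search(m["path"]):
            continue
        host = urlparse(m["ref"]).hostname  # None for "-" or an empty Referer
        if not host or host == own_host or host.endswith("." + own_host):
            continue  # direct hit or one of our own pages: not this pattern
        s = stats[host]
        s["ips"].add(m["ip"])
        s["reqs"] += 1
        s["bytes"] += 0 if m["bytes"] == "-" else int(m["bytes"])
    hits = [(h, len(s["ips"]), s["reqs"], s["bytes"]) for h, s in stats.items()
            if len(s["ips"]) >= min_clients and s["bytes"] >= min_bytes]
    return sorted(hits, key=lambda t: t[3], reverse=True)

def _line(ip, path, size, ref):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 {size} "{ref}" "Mozilla/5.0"')

# Constructed sample log (hosts and addresses are placeholders).
SAMPLE = (
    [_line(f"198.51.100.{i}", f"/img/photo{i % 3}.jpg", 200_000,
           "http://apps.example.net/photo-app/") for i in range(1, 7)]
    + [_line("203.0.113.5", "/img/photo1.jpg", 200_000, "http://www.victim.example/gallery")]
    + [_line("203.0.113.9", "/img/logo.png", 4_000, "http://blog.example.org/post")]
)

if __name__ == "__main__":
    for host, clients, reqs, size in flag_offsite_image_floods(SAMPLE, "victim.example"):
        print(f"{host}: {reqs} image requests from {clients} clients, {size} bytes")
```

Because the Referer header can be missing or stripped, a hit here is a triage signal for rate limiting or blocking by referrer, not proof of intent.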

I’m not quite sure that the vulnerabilities described are unique to social networks. Instead, it sounds like the argument is that there are more “vulnerable users” on social networks than on any random website. I’m not sure I agree with this argument, but I’ll leave you to decide.