Facebook found pimping crudware
Print storyServes up ads for deceptive security software
Posted in Software & Security, 11th July 2007 01:47 GMT
Free whitepaper – The future of SaaS and IT infrastructure management
Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software.
Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it's a bargain.
We spotted a Flyer targeted at Facebook users in the San Francisco region that purportedly advertised a dating service. When clicked, the ad delivered a warning that our machine could be infected. Those who click through are taken to a site for a product called Malware Alarm which informs their machine is "infected with spyware!" The site then urges the user to download Malware Alarm.
Clicking on the Flyer that says "Join for Free" brings up this popup. The warning is part of a scam designed to trick Facebook users into buying unneeded security software.
Security vendors say Malware Alarm's free version gives bogus security warnings designed to con end users into buying a premium version of the program. The software has been reported to flag common Windows files and innocuous programs as malware.
Facebook isn't the only site that's been found to push such "crudware," as we've come to call programs such as Malware Alarm. Last week, a security researcher's blog hosted on Blogspot was found to also found to redirect users to a site associated with Malware Alarm. MSN and MySpace have also been found promoting the programs, which also go by the term scareware.
While there are no reports showing Malware Alarm steals passwords, sends out spam or engages in other malicious activity, the program is considered a pariah in security circles. The ability of its purveyors to infiltrate Facebook's advertising system raises questions about what else may be slipping through the cracks at the social networking site.
We contacted a Facebook representative to see if they were even aware of the problem but didn't get a response. ®
Free whitepaper – Impact of the dramatic increase in devices on the cost to support
Should your email live in the cloud: a comparative cost analysis
Hosted security IT manager's guide
Jump start your Application Security initiatives
Securing your Apache web server with a Thawte digital certificate
Sign up, sign up for The Register IT security newsletter
Former top Sun exec mourns end of a franchise
Win an HTC Touch Diamond2!
Disties braced for autumn reseller collapses