Facebook and internet users have been warned to be cautious around the Fan Check application following revelations about malicious links that are being used to spread malware.
Graham Cluley, senior technology consultant at Sophos, claimed that he has been unable to confirm that the application is malicious in itself, although some Facebook users appear to be concerned that it might be behaving inappropriately.
Likewise David Harley, director of malware intelligence at ESET, admitted that no one has been very specific on what exactly the Fan Check application does as he has been unable to access it.
Harley said: “I've come across some friends who've been tagged by it, and it may be that all it's done up to now has been to tag people in a subscriber's contact lists and offer a ‘subscribe here and watch this space' message.
“However, I've seen reports that suggest that it may allow people to send messages to people they aren't already friends with, which is pretty worrying. I'm trying to find out more, but in the meantime, you might just want to avoid Fan Check altogether and be very cautious about following search engine links on any topical issue.”
Harley later offered an update from West Coast Labs' Lysa Myers, who confirmed that she knows of a number of people who have used the application and did not see anything suspicious happening. Myers claimed that the application did offer to send emails outside Facebook but did not insist on it.
However Cluley claimed that what was definitely happening was that the fear about the application was leading internet users into danger.
Cluley said: “Rather like the ‘Error Check System' application which raised concerns on Facebook in February, online rumours about ‘Fan Checks' secret agenda is causing thousands of people to turn to the internet for further information - leading them straight into a trap set up by cybercriminals.
“The phrase ‘Facebook Fan Check Virus' is currently a hot trending topic on Google, with many net users searching for information. However, hackers have set up websites pretending to be about the ‘Facebook Fan Check Virus', but which really host fake anti-virus software, which display bogus warnings about the security of your computer in an attempt to get you to install fraudulent software and cough-up your credit card details.
“Sophos's web-filtering products detect the malicious web pages proactively as Mal/FakeAvJs-A. The analysts in SophosLabs are analysing the fake anti-virus malware downloaded by these sites, and will be issuing detection as Troj/FakeAV-ZT. So, the obvious question is - why would you be searching for the phrase ‘Facebook Fan Check Virus' in the first place?”
Harley said: “It works in much the same way as the Labor Day scams - the bad guys are very fond of using topical issues. And, of course, fabricating them. I've been seeing reports of malware and rogue anti-malware masquerading as sex videos or nude photographs of female celebrities in the past day or two: of course, this is a frequent social engineering ploy.”