Unnamed App Facebook Scam

[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when the developer hasn't got around to giving it a name yet. The really important issue here, though, is that Googling for Unnamed App undoubtedly will turn up some malicious sites pushing fake security software!]

We hear that a hoax is circulating on Facebook, warning about a virus that is supposed to add an “Unnamed App" to the FB tabs.

As a result people are Googling for further information with a search string like “Unnamed App”. Doing this quickly reveals a SEO (Search Engine Optimization) campaign pushing fake security software (rogue AV). The alert I received mentions a malicious file detected by ESET products as "a variant of Win32/Kryptik.BXJ."

As you may have noticed, I'm very much against the misuse of Virustotal as an indicator of scanner effectiveness: the fact that a scanner isn't recorded as identifying a threat on a VT report doesn't necessarily mean that it won't detect that threat when it tries to execute on a victim's PC. However, a VT report from 22:04:51 (UTC) yesterday (26th January 2001) suggests that at that point, only 12 out of 40 products detected it, so you probably shouldn't assume that other scanners will detect it at the moment.

A current thread at Yahoo Answers suggests that "Unnamed App" is likely to refer to the "Boxes" tab which can be found on some Facebook profile pages, though the Facebook developers page at http://wiki.developers.facebook.com/index.php/Tabbed_Profile states that "Facebook is deprecating the profile boxes and the Boxes tab in late 2009/early 2010, as per our announcement." (The announcement is at http://developers.facebook.com/news.php?blog=1&story=326.)

Tip of the hat to Peter Kruse for flagging this issue.

That VT report by the way is:

http://www.virustotal.com/analisis/a2554d34db4ab9b672f20e0609cad88a27b27b12e94dfac413e43f50afeba769-1264543491

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macviruscom.wordpress.com/
 

 

Author David Harley, ESET

  • Jed 104

    I removed the unnamed app from my facebook and my boxes are still there. So I doubt its the boxes tab. I did notice that the recent slowness of the site lessened greatly after too. Who knows what it is but removing it helped me…

    • http://www.smallblue-greenworld.co.uk David Harley

      Thanks for that info, Jed.
      Unnamed app is obviously a generic label: it’s presumably not synonymous with Boxes, and may or may not refer to it. I haven’t seen either label on my own profile (I’m a relative recent FB user), but I doubt if this is down to a single malicious app. The first point is, though, that while Unnamed App may in some instances refer to something malicious, that doesn’t mean that “Unnamed app is a virus”. The second and more important point is that Googling for Unnamed App undoubtedly -will- turn up some malicious sites, and that’s something I -can- confirm from my own tests.

  • Julie

    I found it on my page and removed it. Whatever it is, I didn't give it permission and so I would have removed it anyway. I don't know what to make of the fact that it actually has an application page on Facebook that says this application was not created by Facebook. [Julie, thanks for the URL: I've removed it pending our taking a look at the site, just in case - David Harley]

  • Jen

    I didn't get any messages saying it was a virus, they all said it was an "internal spybot" that was making Facebook "slow". I deleted it and then opened my profile in another window, and couldn't see that it had made any visible changes to my profile page at all, so I left it deleted just to see what would happen. I haven't noticed any difference yet – yes, my access to Facebook applications is speedier, but I rebooted my computer too so everything's speedier right now.

  • pete

    having removed the un named app.. i now find that I cannot access my apps from my iphone or any other phone i try.. and this is the case for a lot of people who did the same. A solution would be greatly appreciated.

  • http://geekdrop.com GeekDrop

    Here's some more info on it, and how to fix your Boxes tab if anyone fell for the hoax:

    http://geekdrop.com/content/facebook-spybot-how-to-remove

  • Ray

    In this hardluck economy, anybody could be a victim of a scam. And cyber social network scams are on the rise.

    You must be ever vigilant with network accounts. You're dealing with with faceless people, groups and, now, apps.

    Watch out for "health" scams that offer bogus promises of cancer treatment, or say they can "cure" diseases.

    Beware all the Nigerian scams ("Please send me $").

    Avoid online gambling scams (protect your identity!). Just be safe and don't play them at all.

    Stay clear of the "Big Money for Little Work" scams. The huge MLM scams (VMDirect, Digital FX and helloWorld are but a couple of whoppers! Might as well flush your money down the toilet!). They're all promises, no rewards.

    And watch out for any outfits that ask for personal or banking information.

  • Miriam

    My facebook was running very slow, specially the inbox and messages tab, after I deleted this Unnamed App, it is working much better, not slow anymore, and I can access my inbox now without a problem, and no boxes were deleted, so I think this was for real a spybot.

    • http://www.smallblue-greenworld.co.uk David Harley

      Hi, Miriam. Facebook actually say that there was a bug causing this that they’ve now fixed, though they didn’t give details. While I can’t say that you didn’t have a malware problem, such a bug could also have caused the problems you suggest. After all, FB is a bit flaky at the best of times.

  • David Oropallo

    My wife uses IE8 to surf Facebook, and 3 or 4 times in the last month she has called me to ask what should she click, a message has popped up that our PC has been infected or is running a risk and needs an immediate scan.  I have Eset Smart Security, so that isn't the message, what she is getting is similar to the AntiVirus 2009 maleware that made the rounds.  She can't click on anything to close it without launching it.  I just have her Alt>F4 out, and then scan with Eset and Malewarebytes, but nothing comes up.  This always happens when she is viewing someone's photos.
    I never get this because I use FireFox for my surfing, and something isn't enabled to allow that bug to run.  I have tried different security settings in IE8, adjusting scripting and Java, but then it won't function properly on other pages.  At a loss.

    • http://www.smallblue-greenworld.co.uk David Harley

      David, that sounds as if she’s viewing photos on pages that have a problem with fake anti-malware. Are these photos posted to facebook accounts?

  • David Oropallo

    Yes they are poated on multiple friends accounts, not just one.   Here is a screenshot of what it looks like after it opens:
    http://www.tech-linkblog.com/wp-content/uploads/2009/06/powerantiviruscannerv2scam.JPG

  • David Oropallo

    Just want to add, she is browsing friend's pictures on their Facebook pages, no applications or polls, just looking at pictures.  It has happened 4 times so far, she says she just clicks on the picture, in order for the browser to advance to the next one in the album she is checking out.  It looks exactly like the screenshot I linked to above, there is a story that photo is attached to:
    http://www.tech-linkblog.com/facebook-games-having-scareware-redirect-sites/
    That guy claims he is playing a game and gets it.  We avoid all the apps and games, we only use FB for the connections with friends and family to share pictures or upcoming events.  And like I said I use Firefox and never get it, only IE8 gets the infection.
     
     

    • Randy Abrams

      We really don’t do support on the blog. All ESET customers are entitled to free support. Please check http://www.eset.com/support. You may have an add-on in IE that is part of the problem, but that’s a guess. A support specialist can ask the required questions to find the problem.

  • Ben

    Making apps is a lot more difficult than I expected! Good post though, thanks. :)

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

1 article related to:
Hot Topic
27 Jan 2010
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.