Unnamed App Facebook Scam

Unnamed App Facebook Scam

[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when

[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when

[Update: There's been quite a lot of discussion and extra information coming in on this. It seems to me that there is at least one unnamed app around as well as the Boxes issue, and while I've no reason to assume that it's malicious, I'd hardly advise that you rush into installing an application when the developer hasn't got around to giving it a name yet. The really important issue here, though, is that Googling for Unnamed App undoubtedly will turn up some malicious sites pushing fake security software!]

We hear that a hoax is circulating on Facebook, warning about a virus that is supposed to add an “Unnamed App" to the FB tabs.

As a result people are Googling for further information with a search string like “Unnamed App”. Doing this quickly reveals a SEO (Search Engine Optimization) campaign pushing fake security software (rogue AV). The alert I received mentions a malicious file detected by ESET products as "a variant of Win32/Kryptik.BXJ."

As you may have noticed, I'm very much against the misuse of Virustotal as an indicator of scanner effectiveness: the fact that a scanner isn't recorded as identifying a threat on a VT report doesn't necessarily mean that it won't detect that threat when it tries to execute on a victim's PC. However, a VT report from 22:04:51 (UTC) yesterday (26th January 2001) suggests that at that point, only 12 out of 40 products detected it, so you probably shouldn't assume that other scanners will detect it at the moment.

A current thread at Yahoo Answers suggests that "Unnamed App" is likely to refer to the "Boxes" tab which can be found on some Facebook profile pages, though the Facebook developers page at http://wiki.developers.facebook.com/index.php/Tabbed_Profile states that "Facebook is deprecating the profile boxes and the Boxes tab in late 2009/early 2010, as per our announcement." (The announcement is at http://developers.facebook.com/news.php?blog=1&story=326.)

Tip of the hat to Peter Kruse for flagging this issue.

That VT report by the way is:

http://www.virustotal.com/analisis/a2554d34db4ab9b672f20e0609cad88a27b27b12e94dfac413e43f50afeba769-1264543491

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch (or @ESETblog)
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Also blogging at:
http://smallbluegreenblog.wordpress.com/
http://avien.net/blog
http://blogs.securiteam.com
http://blog.isc2.org/
http://macviruscom.wordpress.com/
 

 

Discussion