Researchers Build Malicious Facebook Application
IDG News Service (09/05/08) Kirk, Jeremy
Researchers from the Foundation for Research and Technology in Heraklion, Greece, and the Institute for Infocomm Research in Singapore, have built Facebot, a malicious program for Facebook as part of an experiment to demonstrate the dangers of social networking applications. The researchers developed a Photo of the Day application that provides a new National Geographic photograph daily, but every time the application is activated it sends a flood of traffic to a victim’s Web site, causing a denial-of-service attack.
The researchers uploaded the Facebot application to Facebook in January and nearly 1,000 people have installed it in their profiles. The researchers then monitored traffic on a Web site they established for a Photo of the Day attack. If the traffic patterns observed could be applied to a Facebook application with a million or more users, the researchers estimate that a victim’s Web site could be flooded with as much as 23 megabits per second of traffic.
The researchers say Facebook applications have a highly-distributed platform, offering significant firepower for anyone that controls the applications. Facebook applications also can access users’ personal data, making it possible to record and transfer personal data to a remote server.
Social networking sites can take measures to prevent such malicious applications, by ensuring that applications cannot interact with hosts that are not a part of the social network, and by vigorously verifying new applications added to the social networking site.
It’s that vigorously verifying that gets me – how would we know if they do or not?
Feh. Stupid Facebook.