Researchers Build Malicious Facebook Application
IDG News Service (09/05/08) Kirk, Jeremy
Researchers from the Foundation for Research and Technology in Heraklion, Greece, and the Institute for Infocomm Research in Singapore, have built Facebot, a malicious program for Facebook as part of an experiment to demonstrate the dangers of social networking applications. The researchers developed a Photo of the Day application that provides a new National Geographic photograph daily, but every time the application is activated it sends a flood of traffic to a victim’s Web site, causing a denial-of-service attack.
The researchers uploaded the Facebot application to Facebook in January and nearly 1,000 people have installed it in their profiles. The researchers then monitored traffic on a Web site they established for a Photo of the Day attack. If the traffic patterns observed could be applied to a Facebook application with a million or more users, the researchers estimate that a victim’s Web site could be flooded with as much as 23 megabits per second of traffic.
The researchers say Facebook applications have a highly-distributed platform, offering significant firepower for anyone that controls the applications. Facebook applications also can access users’ personal data, making it possible to record and transfer personal data to a remote server.
Social networking sites can take measures to prevent such malicious applications, by ensuring that applications cannot interact with hosts that are not a part of the social network, and by vigorously verifying new applications added to the social networking site.
It’s that vigorously verifying that gets me – how would we know if they do or not?
Feh. Stupid Facebook.
One thought on “Damn Facebook, anyway”
And yet they want all our info to download some stupid application that sends a fake Starbucks. Now I really feel safe.
Comments are closed.